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@ WARNING 


The procedures in this book are extremely dangerous. 
Whenever dealing with electricity, special precautions 
must be followed in accordance with industry standards. 
Failure to strictly follow such industry standards may 
result in harm to life and limb. Furthermore, many of the 
procedures described in this book are highly illegal and 
will result in stiff legal penalties to the offender. 

Therefore, the author and the publisher disclaim any 
liability for any damages or injuries of any type that a 
reader or user of information contained within this book 
may encounter from the use of said information. Use this 
book and any end product or by-product at your own risk. 
This book is for information and academic purposes 
only! 
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@ INTRODUCTION 


Communications is the key element in any covert mil- 
itary or intelligence enterprise. Effective C3 (command, 
control, and communications) is what makes things hap- 
pen at the pace and sequence required for a mission’s suc- 
cess. The commander who best employs communica- 
tions technology will have the most influence on the out- 
come of the engagement. 

Guerrillas, spies, fugitives, and international terror- 
ists all operate in the subterranean world of the “under- 
ground.” These individuals and groups need to commu- 
nicate secretly among themselves as well as with sup- 
porters and sometimes with the rest of the world. There 
is seldom any high-tech hardware provided by some 
third party to conduct these secret exchanges. There also 
are no actual rules or protocol to transfer the communica- 
tions safely between the parties involved. Such commu- 
nications almost always are time-sensitive and critical in 
nature—missions and lives are often contingent on the 
communications being sent safely. 

Underground operations are conducted for every- 
thing from the collection of critical information to the 
overthrow of a government. Such operations are often 
faced with an opposition that has more power and better 
resources. To operate secretly in a potentially hostile 
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environment requires you to live, organize, and commu- 
nicate covertly. After all, knowledge is power only when 
you have the capacity to collect, exchange, and dissemi- 
nate information. 

“Going underground” is more of a constant state of 
alert rather than an actual place or destination. It means 
living and operating out of sight. It means organizing and 
keeping secrets, which must be collected and exchanged 
like currency or a perishable commodity. It also means 
taking extraordinary precautions against getting caught. 

There is very little enticement or reward for those 
who choose to operate in this manner. Getting caught 
conducting covert activities sometimes means getting 
killed. Very few operatives have the stomach for protract- 
ed operations in a high-threat environment, where noth- 
ing is as it appears and few participants are worthy of 
complete trust. 

A small cellular team can operate in this environment 
only with discipline, specific well-defined goals, struc- 
tured command, and flawless communications. There are 
no rules in this level of conflict, and there is minimal 
margin for error. It’s a new kind of warfare, and covert 
communications is the key to success. 

This is SPYCOMM, the technology and techniques of 
collecting and exchanging information secretly. This book 
will provide a variety of technical communications capa- 
bilities for a compartmentalized underground organiza- 
tion. Reliable, anonymous communications using indige- 
nous resources and the existing international communica- 
tions infrastructure are emphasized, and primitive-to- 
advanced techniques for exploiting existing facilities 
already “on the ground” are stressed. This approach is 
intended to comply with the well-established doctrine of 
unconventional warfare that places emphasis on improvi- 
sational application of existing and alternative technolo- 
gies as an integral component of covert operations. 

Tactical communications can be defined as those 


things that you need to learn about your opposition as 
well as all information about your mission that you need 
to collect and exchange among elements of your group. 
Tactical communications in a hostile area between units 
involved in underground activities requires speed, relia- 
bility, and security. Modern “off the shelf” technology 
can make this happen in virtually any environment if the 
personnel and equipment are available. Fortunately, 
most of this technology is already in place in all industri- 
alized and many developing nations worldwide. 

Covert communications can be employed as an ex- 
tremely effective tool in the conduct of an underground 
enterprise. In fact, it can actually function as a weapon 
against your opposition. The ability to transfer informa- 
tion secretly among your group or to disseminate it to the 
target audience involved in a conflict or political struggle 
can be an incredible asset in any covert operation. 

Your ability to communicate covertly may be contin- 
gent on your ability to communicate anonymously 
among the clutter of “legitimate” communications. Being 
able to improvise a communications network from 
scratch using only those materials commonly available 
and being able to conduct communications without a 
trace are perhaps the most powerful capabilities any 
operative or team leader can contribute to the conduct of 
an underground operation. 

It should be clearly emphasized to the reader that 
many of the techniques outlined in this book are focused 
on the tampering and modification of equipment and ser- 
vices that are owned by the government and/or commer- 
cial enterprises. This approach sometimes involves theft 
or interruption of service. Because of the potential for 
abuse, this book is presented for information and aca- 
demic purposes only. 
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1@ MODERN EXAMPLES 
OF UNCONVENTIONAL 
COMMUNICATIONS 


Every day, people around the world use imagination 
and improvisation to communicate in an unconventional 
manner while conducting intelligence operations or wag- 
ing war. Let’s look at some recent examples. 


GRENADA 


During the U.S. invasion of the tiny Caribbean island 
of Grenada in 1983, the accelerated characteristics of fire 
and maneuver during the large-scale essault created some 
periodic, temporary losses in small-unit C3. In one wide- 
ly reported incident, a small U.S. Marine reconnaissance 
unit found itself pinned down in an unoccupied building 
during a firefight with Cuban military advisors. When the 
squad’s forward air controller (FAC) attempted to reach 
rear echelon command to request a fire mission, the radio 
link failed. 

Instead of panicking or attempting a withdrawal from 
the area, the unit’s commander found a working tele- 
phone inside the building. He contacted the overseas 
operator and asked to be connected with the Pentagon in 
Washington, D.C. The operator refused to place the call 
because of a lack of billing information. One of the 
marines gave the operator his parent’s long-distance tele- 
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phone credit card number and the call was put through. 
The marine explained the situation to one of the duty 
officers at the Pentagon and requested air support. 

Within minutes the fire mission request was relayed 
to the Marine Corps command on the ground in Grenada 
and approved. The ground trembled outside the building 
Hy protecting the stranded reconnaissance unit as rocket fire 
was brought down on the enemy positions. Quick think- 
ing and an improvisational mind-set enabled this elite 
small unit to communicate and carry on. 


i AFGHANISTAN 


During the war in Afghanistan, a psychological war- 
fare operation was developed by Central Intelligence 
Agency (CIA). A small FM radio transmitter, no larger 
| than a pack of cigarettes, was connected to an auto- 
reverse Sony Walkman cassette player. The tape was a 
message in Russian offering Soviet troops a variety of 
incentives for desertion. The transmitter broadcasted the 
message continuously on Russian tank radio frequencies, 
where lonely Soviet conscripts spent hours in the hot, 
cramped crew compartment monitoring the radio. 

The boredom and searing heat probably contributed 
to the impressive success of this classified operation. 
Many Soviet soldiers showed up at the Pakistan border 
willing to surrender weapons, ordnance, and, in many 
cases, vehicles and documents in exchange for the terms 
presented by the miniature “pirate” radio stations. 


MOZAMBIQUE 


In 1987, guerrillas operating with RENAMO in 
\ Mozambique were provided anonymous assistance with 
Mi covert communications in their fight with the socialist 
regime. In the dense jungle of one of the poorest countries 
on the African continent, semiliterate native guerrillas 
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used Tandy Model 100 lap-top computers interfaced with 
solar-powered FM transceivers to maintain high-speed 
digital communications links with command elements. 
This low-cost, sophisticated, off-the-shelf technology is 
fairly secure when properly employed. 


BELIZE 


Ina remote section of jungle in the Central American 
country of Belize, a young man has built and installed his 
own television system. He has hooked up a satellite dish 
to pick up American commercial broadcast feeds directly 
off of the orbiting communications satellite. He decodes 
these signals and then broadcasts them over normal TV 
channels. Local villagers are provided with televisions 
operated by car batteries and charged a couple of dollars 
a month for this homemade subscription television ser- 
vice. He has complete control over all local programming, 
and if enough people are late with their monthly service 
fee, he simply shuts the entire “network” down until the 
villagers take up a collection and settle their accounts. 

In an uncharacteristically stable and friendly country 
bordered by several contested regions in Central 
America, a segment of the local population is exposed to 
U.S. media and commercial marketing. This is a unique, 
creative approach to exposing the American way of life to 
a small, impoverished nation without foreign aid or sig- 
nificant U.S. government involvement. Although some- 
what unconventional, this particular case is generally 
considered to be conducive to positive relations with the 
United States and is peripherally consistent with U.S. 
foreign policy objectives in the region. 


PANAMA 


In 1988, the brutal regime of Panamanian dictator 
Manuel Noriega had complete control over all broadcast- 
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ing and print media. A small group of Panamanian exiles 
and dissidents living in the United States created several 
“underground” newspapers using home computers and 
desktop publishing software. These publications were 
sent by fax machine to various anti-Noriega elements in 
Panama, who printed camera-ready newspapers on ordi- 
nary copy machines and distributed them throughout 
most of the major urban centers in the country. 

Although Noriega appeared almost every night in 
front of adoring crowds on his state-run television news 
programs, these covert underground newspapers were 
fostering and developing growing discontent. In fact, in 
the aftermath of the December 1989 U.S. invasion of 
Panama, independent polls indicated that 83 percent of 
Panamanians supported the overthrow of Noriega. 

U.S. foreign policy objectives were met with the sup- 
port of friendly indigenous personnel, careful orchestra- 
tion of the demise of Noriega’s public image in Panama, 
and, ultimately, with minimum military force. 


ROMANIA 


Unlike Panama, the government of Romania was a 
well-entrenched, tightly controlled, and constantly 
guarded dictatorship. All media devices—including 
typewriters, photocopy machines, printing presses, 
broadcast and print media, school books and curriculum, 
and music and entertainment—were strictly censored by 
the state and tailored to reflect the regime’s objectives and 
policies. 

Outside influences still had a significant impact on 
the population, however. Voice of America, Radio Free 
Europe, and various commercial and government 
shortwave radio broadcasts did reach individuals in 
the tightly controlled population, and the seeds of dis- 
content were carefully planted over several decades. 
As the reform movements and democratic develop- 
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ment of neighboring East European nations became 
common knowledge in Romania, dissident groups 
became more openly vocal about their discontent. 
When the regime of dictator-for-life Nicolae Ceausescu 
attempted to impose the textbook communist response 
of violent reprisals against dissidents, this too was 
reported, and the response from the population was 
immediate and violent. 

What is notable about the popular uprising in 
Romania is not just the rapid pace of developments but 
also the tactics employed by the supporters of the coup. 
Instead of protracted guerrilla warfare or acts of terrorism 
to attack the government's infrastructure, they simply 
had to seize one minor piece of real estate to win the con- 
frontation—the state-run television and radio center in 
Bucharest. The dissidents seized the media center and 
with it the attention and support of the population. Once 
they gained access to the masses, all that was left was to 
execute the leadership. 

The public execution of the Ceausecus was seen on 
every TV screen in Romania and throughout the world, 
graphically demonstrating the power of communications. 
The dictatorship created a centralized media system that 
ultimately communicated live and in graphic terms the 
demise of the dictator and his wife in front of a firing 
squad. This, of course, did not solve all of the problems 
or instantly create a stable society in Romania, but the 
point is that the world watched a small voice of dissent 
grow into a roar of popular uprising with the seizure of 
communications and access to the masses. 


Every day around the world, small groups of people 
are using communications technology to operate covertly 
in hostile settings to reach large numbers of people with 
an alternative message, and to influence the way these 


people perceive themselves and their society. Indeed, 
communications technology has been and is being 
employed to inform the masses, influence opinions, con- 
duct wars of liberation, overthrow governments, and 
change history. 

Going underground to conduct a covert operation has 
become much more viable because of improvements in 
communications technology. An underground organiza- 
tion can employ a number of alternative electronic tech- 
nologies to greatly enhance the effect of the enterprise. 
Communications can be seized, borrowed, or bootlegged 
to gain access to other members and even to create a large 
organization in a short period of time. 

Underground communications technology can allow 
the clever and persistent organization to have a great deal of 
impact on a society or an audience. This nonviolent 
approach can be devastating to the opposition. As seen in 
the above examples, governments have been influenced and 
sometimes even toppled with minimal violence because 
communications were used as the tool of the dissident. 

Whether you need to communicate with a small group 
of individuals in an underground organization or require a 
means of accessing the masses, communications technolo- 
gy can be the most effective tool available. The operative 
must use imagination and creative tactics to exploit the 
existing infrastructure and get the message sent to the right 
person or audience cheaply and without getting caught. 
Yet the act of communicating covertly is one of the risky 
elements of the conduct of the operation it supports. A 
clear head and careful planning are essential to the safe, 
effective use of underground communications. 
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2 @ELEMENTS 
OF COVERT 
COMMUNICATIONS 


Communications is both an art and a science. It can 
be defined as the practical art of expressing thought, 
instructions, or ideas. It is also the science of managing 
and transmitting information. 

Covert operations is a more abstract term. Covert is 
generally construed to mean disguised or concealed. A 
covert operation may be an active or passive enterprise, 
usually focused on specific individuals or groups of 
individuals. It must conceal its existence, intentions, 
and techniques during planning and execution. (In fact 
a true covert op is kept secret even after the mission is 
completed.) 

Covert communications is the science of exchanging 
information without detection, disseminating informa- 
tion without permission, and collecting information 
without the knowledge or consent of the target. Covert 
communications is also the art of concealing the transfer 
of information. 

Various aspects of underground operations must be 
considered before a reliable method of secure communi- 
cations can be created and implemented. In military or 
intelligence operations, these aspects are known as the 
Essential Elements of Information (EEI). 
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ESSENTIAL ELEMENTS OF INFORMATION 


Military intelligence is intended to collect, process, 
and disseminate EEI in the conduct of war. In conven- 
tional land warfare, specific facts are “mission essential” 
to the conduct of the operation. These facts typically are 
based on terrain, weather, and the enemy. The comman- 
der who has the most timely and accurate information 
regarding these three areas generally can exert the most 
influence on the outcome of the engagement. 

For example, an understanding of the tactical aspects 
of the terrain allows the most effective use of available 
cover, seizure of the high ground, or interruption of the 
enemy's lines of communications. Being prepared for the 
weather and exploiting its conditions can be deadly 
offensive tools in small-unit actions. Hard intelligence on 
the intentions, capabilities, strengths, and weaknesses of 
the enemy allows the commander to destroy him with 
less effort and in less time. 

In covert operations or unconventional warfare, these 
elements are also applicable to some degree. There is, 
however, always much more information required than 
these three specific areas. The fundamental difference is 
that although you are faced with an opposing force 
(OPFOR), you seldom have the intention of or capability 
for direct confrontation. Rather, you often are conducting 
your mission among elements of the OPFOR on terrain 
occupied by the OPFOR. Unless you understand EEI, 
your survivability under these conditions is historically 
quite poor. 


Operating Covertly in a Hostile Environment 

Anytime you wish to conceal information about your- 
self or your activities, you are involved in a covert opera- 
tion. Furthermore, whether you are participating in an 
undercover narcotics investigation, gathering corporate 
intelligence for a competing firm, or for one reason or 
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another forced to go underground, you are operating in a 
hostile and potentially dangerous environment. Your 
immediate threat is not capture or confrontation—it is 
operational compromise. 

In order to operate securely in a hostile environment, 
EEI for any covert operation must be outlined completely 
to all participants. They will include, but will not be lim- 
ited to, the following: 

1. TERRAIN. Detailed maps and knowledgeable 
“guides” are vital to understanding the area, establishing 
penetration and extraction routes and alternates, and 
knowing where unforeseeable or random events might 
occur on a regular basis. The locations of safehouses, 
drop points, meeting and contact areas, and local opposi- 
tion strongpoints are all factors of terrain. The “terrain” 
may bea building, city, or country. 

2, POPULATION. An understanding of the indige- 
nous population is essential for operational existence 
among them. Ethnic, religious, occupational, and recre- 
ational information is of particular use. Whether you 
intend to penetrate a “clique” of people, factory, small 
community, or major urban area in a foreign country, 
your understanding of the general characteristics of the 
population, regardless of its size, is essential. 

3. HISTORY. Background information regarding indi- 
viduals, areas, groups, or conditions in the target area is 
most useful. The facts regarding the criminal history of 
an individual you may have to recruit or study, the 
ancient history of why one group will always hate anoth- 
er group in the target area, and the constantly changing 
political and economic history of an area or group of peo- 
ple are all useful bits of background that can be exploited 
as you try to accomplish your secret agenda. 

4. OPPOSITION. The opposition will, of course, 
include enemy forces who will actively search you out. 
But more importantly, the opposition is also comprised 
of peripheral individuals and groups who might frown 
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on your activities. The means by which spies, unconven- 
tional warfare operatives, and even criminals and terror- 
ist groups are defeated is often related to information pro- 
vided to the active opposition by passive elements with- 
in the local population. It is vital to understand that infor- 
mants can be more of a direct threat to you than the actu- 
al enemy. 

5. RESOURCES. Resources are often what make a 
covert operation happen. Outside support for the insur- 
gency is considered the most vital factor in a protracted 
guerrilla war. 

Resources from within are also a significant factor. 
Identifying and then exploiting available materials and 
personnel is what makes virtually any covert operation a 
success. Your ability to exploit these available resources, 
both openly and covertly, is based upon your individual 
skill and knowledge of how to best do so. 

Resources are not just tangible materials or personal 
participants in a covert operation. Resources can also be 
conditions that can be exploited. The accurate depiction 
of the corruption and conditions caused by a tyrannical 
dictatorship is a significant resource that can be har- 
nessed to create and maintain an indigenous population’s 
“will to fight.” 


Understanding the basic concept of EEI is critical 
before the operative attempts to develop a means of 
covert communications for a specific operation. Failure 
to completely understand one or more of these five areas 
has compromised more operations, caught more bad 
guys, and killed more agents than all other factors com- 
bined. The means by which you maintain contact among 
active personnel as well as with any “target audience” 
must be carefully tailored to the terrain, population, his- 
tory, opposition, and resources available. Understanding 
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this obvious prerequisite, let’s examine the critical areas 
of covert C3. 


COMMAND, CONTROL, aN COMMUNICATIONS 
(C’} 


The essential elements in any underground commu- 
nications network are: 

1. SECURITY. Covert message traffic must be de- 
signed to protect the content of the message. Equally as 
important, the means by which the message is exchanged 
must be designed to protect the sender and the receiver. 
Above all, the measures taken to protect content and par- 
ticipants must not, by their very nature, call attention to 
themselves while meeting the basic security require- 
ments. In other words, ifthe opposition can determine 
that you are sending covert communications, you are in 
as much danger as if they understood the content of the 
message in the first place. 

This concept cannot be stressed enough. Operational 
compromise occurs more frequently in covert work due 
to detection or capture of agents in the process of sending 
obviously encrypted traffic than it does from any other 
aspect of communications. Paraphernalia and devices 
designed to provide communications security (COMSEC) 
should never be employed in a manner where their very 
presence causes compromise. Avoid those technologies 
that provide some degree of COMSEC but require elabo- 
rate physical security. 

2. RELIABILITY. Underground communications must 
be designed to function without failure under exceeding- 
ly unpredictable conditions. Any system or device that 
requires constant maintenance by skilled technicians or 
substantial operating skill to deploy effectively under 
adverse conditions is essentially worthless. Networks 
that require constant monitoring by human operators or 
that are for one reason or another “time-intensive” to 


Elements of Covert Communications ¢ 17 


employ are of no value. Reliability means having con- 
stant backup and contingencies planned and practiced 
by all elements. Reliability means simplicity—nothing 
hard to perform or complicated to remember. 

3. FLEXIBILITY. Regardless of how secure and reli- 
able the communications system, there is always a sub- 
stantial possibility that the security measures will be 
defeated or penetrated or the system will temporarily fail 
or break down. Therefore, one must maintain a flexible 
mind-set. Flexibility is easy to define but often difficult 
to teach or instill in even the most clever operative. 

Flexibility is not simply a specification of hardware 
capabilities; it is also a state of mind. Imagination com- 
bined with a well-developed “improvisational mind-set” 
should be a prerequisite to admission to an underground 
cell. It eliminates dependence on a prearranged plan and 
allows the operative to employ whatever resources he can 
access to securely communicate even if the intended 
materials are not available. Such a mind-set eliminates 
panic in an urgent or dangerous situation where commu- 
nications are vital. 

4. SPEED. In underground communications, there is 
clearly a “need for speed.” Covert communications must 
be transcribed into a “normal sounding” code rather 
quickly, and it must be decoded just as fast. The actual 
transfer of the message from sender to user must also be 
rapid. This makes for more secure traffic and decreases 
the likelihood of compromise. The faster the transaction, 
the less reliance on whatever method or hardware 
involved; thus more reliability is achieved. 

The focus on speed is also beneficial to message for- 
mat. Codes for both priority and routine traffic must be 
implemented to reduce on-air or connect time. This pro- 
motes rapid understanding and the ability to interact and 
respond in less time. Thus, command and control deci- 
sions can be made faster. Additionally, well-executed fast 
transactions tend to be better organized and less cluttered 
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with worthless or nonessential information. Since trans- 
missions must be carefully thought out before being sent, 
they are likely to contain accurate, timely information. 

5. ACCESS. In general, a communications system 
must employ existing facilities already “on the ground” 
in the target area. Access to these facilities must appear to 
be quite ordinary. This approach is generally safer, more 
reliable, less expensive (your operation likely has a limit- 
ed budget), and faster than installing your own system. 
There are many techniques using existing technology and 
hardware to which you and your operatives have access 
that will provide a higher degree of security and a 
smoother transfer of essential information than your own 
deployment of specialized hardware to accomplish the 
same thing. 


Regardless of whether you are collecting, exchanging, 
or disseminating information, the above five criteria must 
be considered in your operational planning. If, for exam- 
ple, you are attempting to maintain contact with a world- 
wide network of paramilitary personnel for message or 
fund transfers, you must carefully consider all of the 
above areas. If you want to reach a mass audience illegal- 
ly, it is important to consider the medium to which the 
target audience has reliable access. If you are recruiting 
dissidents or insurgents in a foreign country, flexibility, 
speed, and security are vital. If you understand the essen- 
tial elements of your communications system, you will 
expend less time experimenting and more time using 
your creative energy to develop methods and technolo- 
gies that are most suitable for your agenda. 
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PART II 
@ 
EXCHANGING 
INFORMATION 


3 @ESTABLISHING 
COMMUNICATIONS 
NETWORKS 


The efficient flow of operational details, assignments, 
logistic requirements, and intelligence information is the 
most critical aspect of any covert operation. This section 
focuses on a variety of methods to exchange messages in 
a manner that is intended to elude detection. These tech- 
niques certainly are not foolproof or applicable in all sit- 
uations, and many are illegal or unethical. One funda- 
mental consideration for the operative is that anytime an 
illegal tactic is used to communicate sensitive informa- 
tion, the act of sending the information becomes as dan- 
gerous as its content. Sound judgment and common sense 
are critical. 

Another critical aspect in underground operations is 
the clear understanding of chain of command. Your oper- 
ation will almost always take on a military or paramili- 
tary structure in order to maintain effective control of all 
elements. The communications, or COMMO, plan must 
meet the specific needs of all echelons. 

Underground groups typically operate in carefully 
isolated and compartmentalized cells. Each cell is actual- 
ly a mini organization with a personality and structure 
all its own based on its mission. Cell members only affili- 
ate operationally among themselves, although the identi- 
ty of each agent often is further isolated from all other 
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agents in the cel]. Cells have no means of establishing 
contact with other cells, and each has acommander anda 
second in command who can contact the organization's 
actual leadership. 

The exception to this is the action cell. It often is a 
close-knit and interdependent group of guerrillas who 
must trust each other with their lives. They must plan, 
train, and function as a team. Operational tasking for an 
action element is conducted by the element’s commander 
only. In fact, the actual organization may have no knowl- 
edge of the identity of the individuals in the action cell. 
The cell commander is given a mission to perform, and 
he is often left with the complete control of selecting, 
training, and arming his team with specialists from the 
underground community who would be suitable for the 
given task. 

Other cells may be assigned technical or logistical 
tasks that establishes their individual characteristics and 
communications needs. A cell that continuously moni- 
tors the opposition’s radio traffic, for example, may func- 
tion in an agent/handler configuration. (A handler re- 
cruits and supervises, or runs, agents by contacting each 
on a one-to-one basis to meet the specific needs of the 
individual and to collect intelligence. Generally, he 
answers directly to the operation commander.) A cell that 
is assigned the task of maintaining safehouses or meeting 
places may function in an entirely different way and have 
much different intelligence and communications needs. 

The commander of an underground organization uses 
a variety of communications mediums to maintain com- 
mand and control over all these isolated cells in a man- 
ner that keeps him and all other participants as separate 
and controllable as possible. He executes the mission 
from a concealed and generally mobile command post 
(CP). The CP must maintain contact with all first-echelon 
cell commanders through a covert command network. 

It is up to the communications officer to create a com- 
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prehensive communications plan. The plan must take 
into account the mission and all EEI to create a number of 
separate communications networks that have pre-estab- 
lished priority. Though your requirements may include 
other networks, the following should be included: 

1. COMMAND NET. This is the highest priority com- 
munications network in the system. Instructions and 
orders are sent along this network by the overall com- 
mander of the operation to individual cell commanders. 
Operatives are not authorized to use this net, nor do they 
generally even have access to it. 

2. INTELLIGENCE NET. This is the second highest 
priority network. It also serves as an alternate COMMO 
net in the event the command net is compromised or 
destroyed. 

This network is designed to provide command with 
time-sensitive intelligence relating to EEI, situation 
reports (SITREPS) regarding specific actions, and any 
immediate requests for support that will affect the out- 
come of the mission. The intelligence net also covers 
operations and is often called the INTEL/OPS net. 

3. DIRECT ACTION NET. Due to the sensitive nature 
of the use of force in an underground operation, all 
“action element” commanders are provided a separate 
network to coordinate an action as well as to receive acti- 
vation or abort commands and threat warnings, target 
acquisition information, and so on. The direct action net 
is carefully controlled and “cut out” from all other areas 
of the system. This compartmentalization provides isola- 
tion from other aspects of the operation to protect both 
the participants in the action and other members of the 
operation. 

4, ADMINISTRATION/LOGISTICS NET. The ADMIN/ 
LOG net provides all operatives with basic support 
needs. Coordination of safehouses, financial support 
assets, materials, and weapons are “sourced” through 
this network. 
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By compartmentalizing communications system into 
several networks, the following critical conditions are 
established: 

1. ISOLATION. By having several communications 
networks to conduct an operation, you achieve a degree 
of “damage control” if any one net is compromised. For 
instance, if the ADMIN/LOG net is compromised, the 
opposition will have acquired only specific information 
regarding logistics. Your overall objective is not compro- 
mised by the security failure of any one net. 

2. FLEXIBILITY. Should any net fail, you are not auto- 
matically out of business. Compartmentalization allows 
you to fall back on preset backup planning. Until the 
command network is restored, for example, you can 
employ your intelligence net to communicate. 

3. ORGANIZATION. Separate communication net- 
works allow different aspects of an operation to proceed 
simultaneously. Routine and priority traffic can be estab- 
lished and maintained on each network. Individual com- 
mand requirements, organizational tasking, and overall 
information flow will run smoother and with less “clutter.” 
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4 @ VISUAL 
COMMUNICATIONS 


Sending information visually encompasses written 
messages, covert signalling, and face-to-face meetings. 
Visual communications can also be conducted by elec- 
tronic means—including photographic intelligence 
(PHOTINT), video, facsimile (fax) image, and more 
sophisticated hardware—though this is not always possi- 
ble or practical from a security or economic perspective. 
Therefore, this chapter will focus on the nonelectronic 
transfer of visual communications. 

The clandestine exchange of visual communications 
is an ancient form of “tradecraft” taught and used by 
every intelligence or underground enterprise for literally 
thousands of years. One of the best schools for this activi- 
ty is operated by the U.S. Central Intelligence Agency. 

Candidates for the Clandestine Services of the CIA are 
sent to a secure government training facility to learn the 
various aspects of tradecraft. This facility, officially known 
as Camp Peary, is located just outside Williamsburg, 
Virginia, about 50 miles from Richmond and about 155 
miles south of Washington, D.C. This 10,000-plus-acre 
wooded facility is on the western slope of the York River 
and to the east of Interstate Highway 64, between exits 55 
and 56. To the north of the camp is the York River State 
Park, and to the south is the U.S. Naval Supply Center. 
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Old CIA hands from the 1950s called Camp Peary 
“Camp Swampy” because large portions of the facility 
were muddy, inhospitable marshlands full of mosquitoes. 
More recent graduates call it “the Farm,” and it has 
become the subject of fiction and legend in spy circles. 

Camp Peary is guarded by armed U.S. Marines and 
security personnel. A chain link fence with barbed wire 
and electronic intrusion devices surrounds the entire 
facility. It has a private airstrip with a large letter Rin 
white painted on the ranway—presumed to indicate that 
landing rights are restricted. 


NORTH 


Camp Peary, Virginia (AKA “the Farm”). Approximate location: 37°, 
16 Latitude North; 76°, 36’ Longitude West. 
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Camp Peary served as a Navy Seabee training facility 
and a POW camp for captured German soldiers during 
World War Il. Because of these past uses, there are several 
obstacle courses, weapons ranges, and an area that serves 
as a mock interrogation facility on-site. Two creeks and a 
number of ponds on the grounds are used in training as 
well as for recreation, since fish are abundant. The camp 
has an excellent gym, swimming pools, and other physi- 
cal training facilities such as jogging trails. Large brick 
buildings serve as classrooms and quarters for the 
trainees during the sixteen-week initial training in covert 
operations. 

The official CIA cryptonym for the facility and its 
training program is ISOLATION. The orgins of this term 
seem to be based on the fact that certain foreign govern- 
ments friendly to U.S. interests have arranged to send 
some of their intelligence people to the Farm for training. 
These individuals are flown directly from their countries 
to Camp Peary; many, in fact, have no idea they are even 
in the United States while being trained by language- 
qualified CIA personnel. 

In less than four months, the trainers at the Farm teach 
the basic tactics and techniques of covert operations. The 
trainee is exposed to physically demanding and arduous 
conditions while learning the realities of clandestine oper- 
ations, from essential paramilitary skills such as hand-to- 
hand combat and light weapons handling to lectures on 
past CIA successes and failures in covert ops. 

Trainees are taught that intelligence work is a fluid 
and constantly changing endeavor. It can be mundane 
and exciting at the same time. It requires initiative and 
excellent interpersonal skills, since the future handler 
must observe, assess, and approach potential agents in a 
very specific way intended to protect the process until 
the prospect is “hooked” into the enterprise. Covert com- 
munications, devised in a well-thought-out, generally 
quite clever COMMO plan, provides agents with instruc- 
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tions and assignments, as well as the means by which 
they are paid and expected to provide specific bits of 
intelligence product to the handler. 

The specific techniques of communicating with 
agents that the future handler will recruit and run are 
probably the most heavily covered and stressed topic. 
The COMMO plan is designed to collect and exchange 
information secretly using these age-old techniques. 
These essential skills are also taught at other infamous 
espionage schools such as the Midrasha outside Tel Aviv, 
where Mossad agents are trained, and the KGB school at 
Dzerzhinsky Square in Moscow. 

No matter where the skills are taught, the danger of 
compromise is always addressed. Trainees are taught that 
the clandestine exchange of information is the most dan- 
gerous part of running a cell of agents. If any aspect of the 
operation has been placed under scrutiny by the opposi- 
tion, it is likely that they are waiting to confirm their sus- 
picions by catching one or more participants in the act of 
transferring information. Case histories are discussed to 
establish the hazards of clandestine exchanges and leave 
little doubt in the trainees’ minds of what will occur if 
they or one of their operatives are detected in the process 
of covert communications. 


EXCHANGE SIGNALS 


The most critical part of aCOMMO plan is the ability 
of each participant to be able to signal the need to com- 
municate before the actual exchange of information 
occurs and indicate the method or medium of the ex- 
change as well as the priority of the message. A situation 
where the agent simply services a prearranged drop ona 
regular basis is rare. Covert work is too dynamic for any- 
thing so habitual. 

The trainee is instructed in the art of signalling—the 
creative use of prearranged, generally nonverbal, anony- 
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mous Cues that indicate the need by one participant to 
communicate a visual message to the other. The primary 
operational characteristics of this approach are to pro- 
vide both the agent and handler with the ability to con- 
ceal their need for communication from the opposition, 
as well as to determine the priority of the message and 
the authenticity of the sender. Again, all this should 
occur before the actual exchange. 

The meaning of several signals must be established. 
These include: 

1. 1 HAVE A MESSAGE TO SEND. This is accom- 
plished by alerting the contact with a prearranged signal. 
It could be the presence or absence of a light or object ina 
window, the placement of an innocuous advertisement 
in a local paper, or simply a collect telephone call toa 
“wrong number” at the contact’s residence. The medium 
employed is never associated with the one used to actual- 
ly send the message. 

2. MY MESSAGE IS URGENT/IMMEDIATE/ROU- 
TINE. The priority of the message is included with the 
sign for the need to communicate. In other words, the 
message would be understood as, I HAVE AN URGENT 
MESSAGE TO SEND. The priority of the traffic is impor- 
tant for many reasons. An informant may have time-sen- 
sitive intelligence about your target, he may need funds 
or some sort of help, or he may simply need to find out 
what he is supposed to be doing with a specific case. 

Upon receiving a clandestine signal that a specific 
priority message exchange is needed, certain information 
must be conveyed in order to receive the message safely. 

3. AUTHENTICITY. Regardless of how cleverly you 
have arranged to signal that a message needs to be ex- 
changed, it is critical that you also have a prearranged 
group of signals that indicate that the message is valid 
and being sent by the right person. 

It should be obvious that when you are arranging the 
transfer of visual information, you or one of your opera- 
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tives can be compromised. Therefore, as a vital safeguard, 
a duress warning signal must be established. This indi- 
cates that while the party attempting to send the message 
authenticates its validity, he or she is doing so under 
duress. This person has been compromised and is being 
coerced into uncovering the operation, and his ability to 
appear to be cooperating is frequently what keeps him or 
her alive. You must recognize the duress warning signal 
and appear to be willing to acknowledge the source and 
authorize the exchange. 

If the duress warning signal is present, your agent 
may die if you ignore him. Yet if you do not ignore him, 
you will probably be compromised yourself to some 
degree. Arrange the message transfer only after assessing 
the potential damage. If your message is designed in a 
way that it is completely anonymous, it would be impos- 
sible for the OPFOR to isolate you specifically as the 
recipient. Unfortunately, if you have had any contact 
with the agent under duress and he is trying to contact 
you with a message, your identity has probably been 
established by the opposition already. 

What is important here is that all parties accept and 
understand what will happen if the duress warning sig- 
nal is sent. If you are conducting a dangerous intelligence 
operation, advise all participants that if they are compro- 
mised and the signal of duress is sent, no assistance or 
cooperation will ever be provided at the expense of the 
operation. You will, however, use all of your resources to 
influence the opposition to release your agent. 

It is important that each member in a cell at least 
believe that if he is captured or compromised, you as the 
commander or handler will go to great lengths to protect 
him. This cannot be stressed enough. If the operative send- 
ing the duress warning signal believes that it will only pro- 
tect the cell and the operation, he is unlikely to send it. It 
is left up to you to establish what actions to take in sup- 
port of the party sending the duress warning signal based 
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on the operation, the individual participants, and the 
risks. Again, it is vital for all cell members to believe that 
sending the duress warning will not only protect the oper- 
ation but also benefit them in some immediate way. 

Upon determining that the message signal is authen- 
tic and not sent under duress, you must then confirm 
receipt and arrange the exchange. 

4. CONFIRMATION. This acknowledges to the party 
wishing to communicate that you understand and accept 
the signal. It is done by some prearranged indicator, such as 
a specific number of matches removed from a matchbook 
and thrown down ina specific location or a certain arrange- 
ment of window curtains. The confirmation obviously 
should be different from the initial signal. 

5. ARRANGEMENT TO EXCHANGE. The signal that 
is sent with the confirmation should also indicate what 
method you want to use to make the exchange of infor- 
mation. There should be a wide range of prearranged 
choices. For example, the confirmation signal could be 
the placement ofa specific brand of food on a shelf ina 
supermarket at a specific time. Casually mixing one 
brand of product a set number of shelf items from where 
it belongs could indicate that the message is confirmed 
and the exchange will take place at dead drop number 3. 

CIA trainees are provided with a variety of sugges- 
tions for creating a clandestine signal system in any envi- 
ronment. Though it is up to the trainee’s imagination to 
create his or her own methods, there are three important 
characteristics of any message signal system: 

1. The system should be quite “normal” in appear- 
ance and not betray its intent, even under close profes- 
sional observation. It should be integrated as part of the 
operative’s routine. 

2. The actual transfer of the signal should be done in 
an anonymous manner, such as through a publicly acces- 
sible medium or along a well-traveled route. 

3. The essential elements of the various signals 
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should be completely separate from each other. The 
request to send should not be related to authentication. 
The duress warning signal should not be a specific signal 
but rather the absence of a specific signal. The confirma- 
tion can contain the arranged method of exchange, but 
the actual method must be predetermined. 

The important aspects of exchanging visual infor- 
mation—the request to do so, the verification of the 
authenticity of the request (and if it is or is not under 
duress), and the confirmation and arrangement to con- 
duct the exchange—must be carried out so they isolate 
the OPFOR from knowledge of the contact. Creative 
use of the environment can permit two parties under 
professional surveillance to get the message signal 
across without much risk. Assumption of being 
observed and carefully scrutinized, acceptance that the 
transaction may be compromised, and determination 
to accomplish the exchange in spite of these factors is 
what gets the signal sent. 

A useful hint in creating a covert signal system is that 
the five elements involved with the transaction should be 
established on a one-on-one basis with each operative. 
Although the essential elements should always be 
stressed, each operative can develop his own approach 
for individuals in his cell. In most cases, the signals 
should be focused on the absence of something instead of 
the presence of something. More sophisticated approach- 
es, such as the slight alteration of an object or image, can 
be useful; however, simplicity is paramount to reliable 
signal transfer. 

The need to communicate face-to-face is the most 
dangerous aspect of underground communications, and 
it is only done because of a specific need to interact with 
the individual, such as for briefing, debriefing, or recruit- 
ing. Although extremely risky, face-to-face meetings are 
frequently essential. They can provide the commander 
with the ability to assess nonverbal cues and characteris- 
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tics that cannot be communicated by radio or telephone 
or expressed in writing. 

As you study your environment and activities to cre- 
ate a message signal system, remember that the various 
signals are somewhat interchangeable in format. Create 
your list of possible approaches to signalling, assess the 
value of each approach, then select a method for each 
stage of the process. 


EXCHANGE MEDIUMS FOR 
VISUAL COMMUNICATIONS 


The “medium” employed to make the exchange is 
also stressed in training. A medium can be an object, 
place, or person. 

The standardized content of the actual message should 
be established. The typical rule here is that the message 
should be as small as possible. If sending photographs, for 
instance, the message should be in the form of exposed 
film or microfilm concealed in a small, ordinary object. If 
the operative needs to exchange written notes or text, the 
material should be encoded, reduced in size, and con- 
cealed in a small package. For example, an 8 1/2 x 11-inch, 
single-spaced typewritten page can contain about five 
hundred words of encoded text. This can be physically 
reduced several times on an ordinary photocopy machine. 
If the copier is fairly good, the 8 1/2 x 11 sheet can be 
reduced to the size of an ordinary 2 x 3 1/2 business card. 
This can then be rolled into the bottom half of a cigarette, 
which can be lit, partially smoked, and put out in an ash- 
tray in a hotel lobby or before entering an elevator. 

CIA trainees are taught a number exchange mediums. 
Three ancient concepts are the dead drop, live drop, and 
brush pass. 


Dead Drop 
A dead drop is a physical location that is used for the 
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unattended exchange of the message. It has significant 
advantages in several areas: 

1. The two parties exchanging information don’t have 
to be present simultaneously to conduct the exchange. 

2. Third parties can be employed to make the drop as 
well as service it. 

3. The actual timing of the exchange is usually flexible. 

There are also disadvantages to a dead drop. Some 
that should be carefully considered: 

1. The message is left in an area that is accessible to 
the opposition. If the OPFOR discovers the drop location, 
they can attempt to intercept both the message and the 
participants in the exchange. 

2. Due to the temporary lack of physical security of 
the message, it must be encoded. Possession of an encod- 
ed message is incriminating and dangerous. 

3. Dead drops generally are in accessible areas where 
different conditions and circumstances can affect the trans- 
fer. Random, unforeseeable events may affect the drop. 

Overall, a dead drop is an excellent clandestine mes- 
sage medium. The transfer of messages in this way has 
one significant feature that outweighs all the negative 
aspects—the content of the message is not affected. If an 
agent needs to exchange any type of formatted traffic— 
including written, photographic, audio, or video traffic— 
the dead drop can be employed. The drop can also be 
used to transfer logistical support materials such as 
weapons, ammunition, electronic communications 
equipment, or collection devices. 

There are three basic criteria for a dead drop: 

1. It should be in a “neutral” area located along a well- 
traveled route (e.g., crowded public areas). 

2. It should be physically difficult to surveil while 
maintaining a realistic number of approach and escape 
routes. Public libraries, rest rooms, and transportation 
facilities are all suitable. 

3. Its physical appearance should not betray its con- 
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tent. It should be something that can permit placement 
and retrieval quickly and without appearing to be out of 
the ordinary. 

A dead drop should be seriously considered as an 
option for clandestine exchanges. Your environment con- 
tains literally millions of potential locations that can be 
utilized—the creativity of the operative is the main ingre- 
dient in determining which will work for the specific sit- 
uation. The following locations and methods have 
proven to be quite useful as dead drops in urban areas. 

1. PUBLIC TELEPHONE BOOTH. In older phone 
booths, the receiver and microphone cap can be un- 
screwed and a small message inserted. Placing a small 
piece of plastic (such as part of a plastic sandwich bag) 
up inside the coin return slot can be used not only to tem- 
porarily store a message, but also to keep change from 
being returned to callers who get no answer or a busy sig- 
nal. Good guerrillas can always use extra change. The 
plastic cover of the phone book allows a fairly thick text 
message to be inserted in the spine of the book. 

2. NEWSPAPER VENDING MACHINE. If minimal 
time is involved in the exchange, the front newspaper 
that displays the headlines can have a message inserted 
in its pages when the drop maker purchases another 
paper. The coin return slot can also be used in the same 
manner as the phone. 

3. GROCERY STORE. Placing the message or item 
behind a food display is useful. Also consider taping it 
underneath shelves or inserting it into specific packages. 
Be alert for security personnel if your approach appears 
to be clandestine; you may be suspected of shoplifting. 

4. WALKING THE DOG. When taking an animal fora 
walk, there are constant and irregular “stops” along the 
way. The animal can be encouraged to sniff around a spe- 
cific drop point while you appear to wait impatiently. 

5. MAINTENANCE POINTS. A paper towel dispenser 
in a public rest room, the vacuum cleaner dust bin at a car 
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wash, or the underside of a metal shelf inside a janitor’s 
closet are all examples of maintenance points that can be 
used as dead drops. Though access is often limited to the 
person responsible for maintenance, these locations are 
frequently left unsecured. A document sealed in a plastic 
bag and placed inside of a liquid soap dispenser in a rest 
room is a good example. 

6. PUBLIC TRANSPORTATION. For short-duration 
drops, a City bus is excellent, The sender gets on and 
places a small message under a seat panel, among adver- 
tisements posted along the upper walls, or in a bus sched- 
ule bin. Within minutes, the receiver gets on the bus and 
retrieves the message. 

Public transportation such as trains, taxicabs, and 
buses can also perform a unique courier service for a cel- 
lular operation, functioning as a sort of “mobile drop.” A 
European terrorist group employed the same taxicab for 
all of its basic transportation needs, sometimes leaving 
messages and even funds for cell members in the back- 
seat cushion. The cab was called by number to pick up 
cell members at various places throughout the day. 

7. FIXTURES. Any item that is accessible and perma- 
nent can be used as a dead drop. Vending machines, plant 
holders, lamps and candle holders in restaurants, and so 
on are all good drop fixtures. 

8. REFUSE. Any item that is normally considered 
garbage or litter can be employed in a dead drop plan. 
An empty cigarette pack crunched up and left at a spe- 
cific location is a common KGB and GRU tactic. Empty 
soda cans used to be employed extensively; however in 
today’s “environmental awareness” era, aluminum cans 
will be picked up for recycle if “dropped” by an agent. 
A certain wastebasket, Dumpster, or bin can be the drop 
location. 

The advantage of refuse is its commonality in many 
areas, as well as its “untouchable” nature. Most litter is 
almost invisible to ordinary perception. In fact, many peo- 
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ple cannot recall a specific piece of litter on the ground 
during a walk through a park. Thus the operative can place 
a specifically labeled wrapper or container in a fairly obvi- 
ous spot and, unless the litter itself has value (such as an 
aluminum can) or the area of the drop is regularly policed 
by groundskeepers, it is actually quite secure. 

9. MAGNETIC CONTAINERS. These can be made or 
obtained from any hardware or discount store. Small 
magnetic key boxes can store one page of text and can be 
attached quickly and securely to the underside of vehi- 
cles, restaurant tables, telephone booth ledges, etc. 

10. LIBRARIES. Libraries are among the best dead drop 
locations. An operative can check out a book, place a mes- 
sage carefully in the cover or along the spine, and return it 
to the book depository. He then instructs the recipient to 
check out the book in a day or two, after it has been placed 
back on the shelf. (Looking in the back of the selected book 
will indicate if it has been checked out recently.) Old or 
obscure books located high or low on the shelves are ideal 
for these transfers. The microfilm and card catalog draw- 
ers are also quite suitable, as are the magazine archives, 
library furniture, and rest rooms. 

The above are only examples of possible dead drops. 
Use your imagination and create a list of several loca- 
tions. Assess each one and select the best and an alter- 
nate. Consider your life-style and normal routine as a 
contributing factor. It is bad form to alter your life-style to 
service a drop. It will be recognized by the opposition 
immediately for what it is. 

Current technology has created other types of dead 
drops that are useful alternatives to physical or visual 
communications. The electronic mailbox concept is 
probably the most prevalent means of secure information 
exchange when a high degree of isolation and anonymity 
is needed. Computer bulletin boards, telephone mailbox 
transfers, automated fax systems, and ordinary answer- 
ing machines have much potential in this regard. 
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Discussions of these technologies and their applications 
can be found later in this book. 


Message-Received Signal 

When the operative has completed the cycle and 
picked up, or serviced, the drop, a means of advising the 
sender that the message was received is the final compo- 
nent in the process. The message-received signal can be 
as simple as a mark on a wall, such as crayon or chalk 
graffiti, or more complicated, such as the absence of an 
ornament normally hung over the rearview mirror of a 
vehicle parked on a busy side street. 

The message-received signal is vital to the physical 
security of the drop. If the sender does not receive the sig- 
nal within a reasonable amount of time, he must con- 
clude that the drop has been burned for one reason or 
another and go to a prearranged backup plan. 

The trainee should be advised that message-received 
signals are the only means of ensuring that the opposi- 
tion has not stopped the drop process. Yet the Farm 
instills in each trainee that although the signal indicates 
that the process was completed, it is by no means a reli- 
able indicator that the drop has not been compromised 
somehow. The opposition may have intercepted the 
material, copied it, and replaced it, or the drop may have 
been placed under surveillance by the opposition. The 
message-received signal simply indicates to the sender 
that the receiver did service the drop and has received 
the message. 


Live Drop 

When an operation is facing an active OPFOR, it is 
frequently under alert surveillance. The content of the 
visual message must be kept away from the opposition, 
and the actual physical security temporarily lost during 
the dead drop process sometimes is not acceptable. In 
this instance, a person can be employed as the exchange 
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medium. The individual who serves as a conduit for 
information, either knowingly or unwittingly, is known 
asa live drop. 

A live drop can be a bartender at a favorite watering 
hole, a barber, or a local deliveryman, He may know the 
content and purpose of the message, although this is 
quite rare. A live drop usually is an unwitting participant 
in the message transfer. If he is a willing participant, then 
he needs to have a duress warning signal to warn opera- 
tives of any danger. 

CIA career trainees are advised that the use of a live 
drop generally is not a good idea. Although the right condi- 
tions may exist for the clever application of this technique, 
it is not as free from surveillance as it may appear, and the 
physical security of the message is limited to the physical 
security of the individual serving as the drop. This 
approach is also open to an infinite number of random risks 
and potential problems that are impossible to predict. 

Message signals are employed in the same manner as 
with a dead drop. This helps ensure operational security 
(OPSEC) and also eliminates the need for both the sender and 
receiver to keep a level of surveillance over the live drop. 


Brush Pass 

The brush pass offers the greatest amount of physi- 
cal security for a message transfer. An agent or repre- 
sentative casually brushes against another person and 
places the message in his hand or pocket. It requires sig- 
nificant practice to perform properly. This excellent 
transfer means keeps any sensitive message in the 
hands of the operatives only—it is not left anywhere or 
with anyone. 

CIA trainees are drilled extensively in both the use of 
this technique and the methods of teaching its basics to 
potential operatives. The message signals are similar to 
drop servicing, though there is one other signal em- 
ployed. When the brush pass is about to take place, the 
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sender must have a means of advising the receiver that 
the pass is safe to attempt. This signal is something that is 
present, such as a pen in a specific pocket. If the signal is 
not there, it warns the receiver that the sender suspects 
surveillance or is under duress. 

The receiver of the message must also have a signal to 
indicate to the sender that it is “clear” to attempt the 
exchange from his point of view. The warning, termed the 
abort message signal, could be the absence of a newspa- 
per or a watch turned around on the wrist. It is very 
important. 

The brush pass has some hidden dangers that must be 
carefully assessed. For instance, in many urban areas cer- 
tain drug transactions are conducted using a covert hand- 
off similar to the brush pass technique. In their refined 
mode, brush passes often appear to be some sort of pick- 
pocketing, which may alert a plainclothes officer trained 
to observe such activity. 

Eye contact must be avoided during a brush pass. 
Heavy, unidentifiable crowds are present in most brush- 
pass scenarios, and although crowd behavior in many 
countries is predictably disinterested and detached, a 
trained observer will almost always be able to detect a 
brush pass taking place. 

The most significant problem of using the brush pass 
is the amount of training and practice involved with 
teaching certain types of “agents” (such as a hotel maid 
or an employee of a target company) the technique to 
transfer information for two operatives. CIA trainees are 
given numerous case histories where the brush pass was 
employed as a security precaution and went bad 
because of the random observer or unpredictable sce- 
nario occurring. 

The brush pass has its advantages and limitations. 
With careful and constant practice, the operative can 
employ this ancient technique in certain situations with 
success. 
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APPLICATIONS FOR 
VISUAL COMMUNICATIONS PLANNING 


The communications officer can employ the visual 
communications exchange as integral components of any 
underground network. The basic features of visual ex- 
change are security, bulk message transfer capability, and 
low-technology hardware requirements. The fundamen- 
tal problems most encountered are complexity of routine, 
slow process of exchange, and intensity of training 
required for all participants. Each individual COMMO 
net has capabilities and limitations in employing visual 
communications. 


Command Net 

The need for complete understanding of operational 
instructions as well as a multilayered isolation from all 
cells tend to make visual communications highly useful 
in delegating authority and sending clear orders. Slow 
process can bea problem. 


INTEL/OPS Net 

This network requires the most anonymous and most 
reliable means of communication available. Intelligence 
personnel often need to transfer detailed reports and pho- 
tographic and image documents, as well as receive multi- 
page tasking assignments. Speed is a significant problem 
in the operations section. 


Action Net 

There are severe limitations for internal use of visual 
communications with this network. Although command 
can provide instructions using this media as well as acti- 
vate “sleeping” units quite effectively, the need for rapid 
communications that are difficult to intercept or trace 
requires voice communications (see Chapter 7). Action 
cells are composed of physically tough, highly trained, 
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teamwork-oriented specialists. It is generally the most 
interdependent cell, and its internal COMMO network 
reflects this. Speed and reliability are the most vital 
aspects of the communications plan for this element. 


ADMIN/LOG Net 

For administrative purposes, visual communications 
are useful but limited. Document control and potential 
for security leaks frequently make visual communica- 
tions impractical. Additionally, in many underground 
cells the administrative and logistics network is made up 
of sympathizers, indigenous members of the local popu- 
lation, and more “mainstream” population segments who 
are only part-time participants in the underground opera- 
tion and seldom active in any incriminating capacity. 
Therefore, this network requires a less covert method of 
communications that allows it to quickly open and close 
down safehouses, transfer funds and materials, and oth- 
erwise participate without any trace of the participation. 

Overall, visual communication requires a level of 
training and practice to be effective. It is an excellent 
medium for covert intelligence ops but is less useful in 
fast-paced direct actions. Visual communications ex- 
change procedures are well-suited as a primary means of 
running agents, and make excellent alternate or backup 
systems for deactivation and abort commands. 
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5 @ BULK TEXT 
MESSAGE 
PROCESSING 


After teaching the basic methods of message transfer 
using physical means, the CIA training program focuses 
on the process of miniaturizing messages and documents. 
Methods such as tiny camera applications and the use of 
microfilm and microdots are explained. 

Unfortunately, many operatives do not have access to 
such sophisticated “spy toys’: and hardware. This chap- 
ter will discuss alternative means for condensing text 
messages using ordinary devices. 


IMPROVISED MICROFILM 


In many underground operations, there is a need to 
transfer a large amount of text information. Intercepted 
log sheets, detailed biographical data on a target or oppo- 
sition member, operational details for a mission, and so 
on can sometimes entail hundreds of pages of text. 

The following technique is simple, reliable, and capa- 
ble of condensing more than five hundred pages of type- 
written text and illustrations into a package smaller than 
a pack of cigarettes. 

An ordinary 35mm single lens reflex (SLR) camera is 
purchased new or used. Most low- and medium-priced 
35mm cameras come with a standard 50mm lens. 
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on the floor and the camera is focused to get a sharp 
image from approximately 4 feet. Using ordinary slow- 
speed black and white film, the operative photographs 
four sheets per frame. A bright desk lamp is a good light 
source. (The standard flash attachment tends to produce 
a bit of glare on the page.) After some practice, one can 
condense a detailed typewritten report into a small pack- 
age very cheaply. 

For example, a single-spaced typewritten piece 
of paper can hold about 500 words of text. Thus, 
2,000 words can be pro- : 
cessed on each frame. 
A 72,000-word docu- 
ment, or 144 pages of 
text, can be processed 
on each 36-exposure 
roll of film. Of course, 
drawings and photographs 
can be transferred as well 
using this technique. 

There are significant advantages to 
employing this technique. Photo- 
graphed text can be concealed 
from the casual observer more 
easily than bulky paper, and it 
can be developed at leisure 
by the recipient. If in the 
process of transferring the 
roll of film the agent is com- 
promised at the drop point or 
in transit, he can quickly pull the tab on the 
roll and expose the film. Perhaps the most ~ soe se 
notable aspect of this approach is the fact 35mm camera set upto { 
that the operative can get his own equip- S00t improvised micro- ) 


Four 8 1/2 x 11 sheets of typewritten text are placed a 
i 


ry * . i 5 
ment and conduct this technique with Tiasstien cation Gh 


minimal training or supervision. Mark Camden) 
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Ifimprovised microfilm is detected or discovered, the 
content will be considered some sort of espionage mes- 
sage. Fortunately, 35mm cameras and film are common 
worldwide and quite normal in appearance. Black and 
white film can be developed quickly using an inexpen- 
sive home darkroom, thus eliminating the need for out- 
side photo processing. 

Improvised microfilm is probably the most secure 
and reliable technique of transferring visual information 
via the dead or live drop or brush pass. Two rolls of film 
can fit inside of a cigarette pack and can contain 288 
pages of single-spaced typewritten text, which is the 
equivalent of 576 pages of double-spaced text. 

For many types of text, four pages per frame can be 
enlarged with a fair degree of image resolution. Yet there 
can be problems with putting this much text onto each 
frame of 35mm film. The fundamental problem is the 
need for exacting photo processing by the recipient of the 
film. Additionally, the individual taking the photographs 
must have a steady tripod and an excellent source of 
light. Since it is not always possible for the individual 
taking the photographs to be particularly skilled, nor is it 
likely that he will have an opportunity to review his 
handiwork, an alternative method should be considered 
for the relative neophyte. 

As a communications officer for an underground unit, 
it may be better to instruct an operative to simply photo- 
graph one page of text per frame, and to carefully monitor 
the quality of the text. It is important to keep things to a 
basic level of skill that any member of any cell can use 
effectively with a great deal of confidence. 

As a result of a 1982 FBI sting operation, our Soviet 
friends were kind enough to unwittingly provide a docu- 
ment outlining photographing techniques for a “neo- 
phyte” operative. Their military intelligence apparatus 
GRU (Glavnoe Razvedyvatelnoe Upravlenie) is very 
aggressive in the Washington, D.C., area in its attempts to 
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collect any morsel of useful information about U.S. mili- 
tary capabilities. The activities of the Pentagon are, of 
course, the highest priority target for the GRU. 

Agents assigned to military attaché duties at the 
Soviet Military Office (SMO) at 2552 Belmont Road in 
northwest Washington are expected to “work” the 
metropolitan area continuously, collecting tidbits of mili- 
tary information at trade shows, public access areas, and 
even in bars and restaurants. GRU intelligence personnel 
are well trained and have had a number of successful 
penetrations of critical U.S. military operations. 

What is interesting is the fact that instead of aggres- 
sively focusing activities on high-level U.S. military per- 
sonnel, the Soviets seem to specialize in the development 
of lower-ranking military and civilian employees of the 
Department of Defense (DOD) as sources. These clerks, 
secretaries, and radio operators are “spotted” by GRU 
agents, and a number of methods are employed to deter- 
mine their vulnerabilities. If, for instance, a radio opera- 
tor is in a financial bind, a GRU agent may pose as a mem- 
ber of the intelligence agency of a third nation and pay 
for what would appear to the victim to be fairly “harm- 
less” information for the legitimate needs of a nonhostile 
foreign power (as is often represented by the GRU agent). 

Another good source of information for the GRU is, in 
fact, “walk-in” business, where a low- or mid-level U.S. 
military contractor or soldier simply visits or somehow 
contacts the Soviet military and offers services for a fee or 
some other consideration. The FBI counterintelligence 
division squad, CI-3, maintains constant surveillance on 
the SMO building for this very real threat. 

Because the Soviets are successful with low-level 
DOD employees, GRU agents are versed in training the 
average American citizen in a variety of basic covert 
communications. The obvious method for spying on 
one’s country is to collect classified documents or 
equipment and secretly transfer them to the paying 
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DEAR JIM ( MAY I CALL YOU SO) 
THANK YOU FOR YOUR NOVEMBER VISIT AND YOUR PARCEL. ALL THE DOCS ARE 
VALUABLE. I HOPE YOU AGREE THE MONEY YOU RECEIVED COVERS YOUR EFFORTS 
AND GOOD START. I THINK WE WILL CONTINUE OUR MUTUALLY BENEFICIAL BUSI- 
NESS, I WILL DO MY BEST TO INSURE YOUR SECURITY. PLEASE DO THE SAME ON 
YOUR PART. 
ALL NEXT REWARDS - ACCORDING TO THE VALUE OF THE DOCS. 
SORRY FOR THE COMPLICATED WAY OF OUR FIRST TRANSECTION. YOU UNDERSTAND 
IT WAS DONE ONLY FOR SAFETY REASONS. 

IN OUR FURTHER COOPERATION I RECOMMEND YOU THE FOLLOWING: 
- KEEP TRYING TO COLLECT UP TO DATE, COMPLETE, WITH HIGHEST CLASSIFI- 
CATION DOCS AND KEEP THEM AT HOME OR IN ANY SAFE PLACE YOU CHOOSE. 
- THE BEST WAY TO COPY THEM IS BY CAMERA. I ENCLOSE ADDITIONAL S$ 
400.00 FOR THAT PURPOSE AND RECOMMEND YOU TO BUY AT THE W. BELL & CO 
AN “OLYMPIC OM-IM" WITH £/1.4 LENS. USE WHITE &BLACK CODAK FIIMS 
“PANATOMIC -X, 52 ASA". TO MAKE A COPY OF GOOD QUALITY BY SURE TO FIX 
FOCUS AT A DISTANCE NOT MORE THAN 18-20 INCHES.LIGHT - 1 TABLE LAMP X 
100 WATTS, BEFORE SHOOTING A DOCUMENT MAKE SOME CONTROL SHOOTINGSOF 
ANY OTHER SIMILAR TEXT. DEVELOP YOURSELF AND CHECK IT. IF STILLS ARE 
O'K, START SHOOTING DOCS. KEEP THE FILMS UNDEVELOPED IN CASSETS IN A 
‘i SAFE PLACE. BUY FILMS IN DIFFERENT STORES. 
- OUR NEXT TRANSECTION WILL BY IN APRIL. PREPARIED STUFF (FILMS OR 
COPIES) WRAP INTO WATERPROOF PACKAGE PREFERABLY IN A BLACK PLASTIC 
GARBAGE BAG. 

PUT THE PARCEL IN PLACE #1 (SEE DESCRIPTION). IF BY ANY REASON THE 
USE OF THIS PLACE IS DIFFICULT USE PLACE # 3 (RESERVED). THAN GO TO THE 
PLACE OF MEETING $ 4 AND BE SURE TO ARRIVE AT 8 P.M. WAIT FOR 10 MIN- 
UTES. IF I FAIL TO COME GO TO THE PLACE # 2 AND PICK UP MY PARCEL. IN 
CASE THERE IS NO PACKAGE IN 6 2, CHECK # 3. AFTER PICKING UP MY PARCEL 
PUT A SIGNAL AT A PLACE # 5. THAT WILL BE THE END OF THE TRANSECTION. 

IN MY PACKAGE YOU WILL FIND FURTHER INSTRUCTIONS. REED THEM AND 
FOLLOW THEM CAREFULLY. 
- FOR THE SAKE OF SECURITY OUR MEETINGS OR EXCHANGE OF PARCELS WILL 
TAKE PLACE NOT MORE THAN FOUR TIMES A YEAR. THE MORE DOCS YOU COL~ 
LECT IN FILMS THE HIGHER WILL BE REWARD. 
- IF BY ANY REASON WE FAILED TO MEET OR MAKE AN EXCHANGE COME AT 8 P.M. 
ON LAST SATURDAY OF EVERY MONTH COMMENCING MAY TO THE PLACE ¢ 6. IN 
THIS CASE YOU WILL MEET ME OR ONE OF MY FRIENDS, PLEASE FOLLOW ALL 
INSTRUCTIONS GIVEN IN DISCRIPTION OF #6. 
% - DO NOT TRY TO CONTACT ME BY ANY WAY, IF EVERY MEANS OF COMMUNICATION 
‘ MANSIONED ABOVE ARE CUT IT WILL BE MY DUTY TO FIND THE SAFIEST WAY OF 
¥ GETTING IN TOUCH WITH YoU. 

AFTER USING #6 1, 2, 3, 4, 5 DESTORY THEM AND KEEP # 6 ONLY. 
~ BE CAREFUL AND WISE NOW AND IN THE FUTURE WITH THE SPENDINGS. 
~ MAKE NECESSARY NOTES TO REMEMBER AND DESTROY THIS MESSAGE. 

WISH YOU THE BEST. 


YOUR FRIEND NICK. 


Reproduction of an FBI photo of GRU letter outlining steps for docu- 
ment theft and delivery. 


j sie 
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agent. The Soviets are fairly adept at this activity, keep- 
ing dozens of CI-3 agents busy monitoring the activities 
of GRU personnel. 

An FBI sting operation known as Operation Jagwire 
was carried out in 1982 when a civilian research contrac- 
tor for the Pentagon was used as a false walk-in to the 
SMO. The Soviet GRU officer took the bait and gave writ- 
ten instructions to the contractor on how to use an ordi- 
nary 35mm SLR camera to take good quality photographs | 
of documents without arousing any suspicion. 

As can be seen in the document, the Soviets employ 

the improvised microfilm approach to stealing docu- 
ments, and they advise not only the model of camera to 
be used but also the type of film. The recommended 
“Olympus OM-IM camera with fw1.4 lens” essentially is 
an ordinary 35mm SLR camera with a stock 50mm lens. 
Although the recipient of this letter was an FBI plant, it is 
interesting that this single-page document not only offers 
encouragement to the GRU’s new agent, but also outlines 
the simple method for document theft and provides a 
somewhat sophisticated communications plan employ- 
ing a series of dead drops and signals. 


PHOTOSTATIC REDUCTION 


Many modern photocopiers have a feature to enlarge 
and/or reduce an image. This allows the operative to 
reduce the bulk of a text message to a more manageable 
size. In order to get a good image from the reduction, the 
copier must be of fairly good quality and have been ser- 
viced recently. 

Text reduction via photocopier is useful if the follow- 
ing factors are considered and compensated for: 

1. IMAGE DEGRADATION. If the copier is not of good 
quality or needs servicing, the image reduction is degrad- 
ed. Normal-size copies may not be affected by poor reso- 
lution, but when text is reduced, subtle shades and other 
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signs of poor reproduction can be detected. You can fre- 
quently fix this problem by darkening or lightening the 
adjustment control on the front panel. 

2. IMAGE REPROCESSING. Up to 75-percent reduc- 
tion is realistic with most commercial copiers. What must 
be considered is that there will be an enlargement of the 
text on the other end of the message pipeline. This will, 
of course, be an enlarged “copy of a copy.” Thus the qual- 

4 ity of the copy machine on both ends of the process is 
important. 

3. SPECIAL IMAGE PROCESSING. Opaque screen 
sheets are now available that can be of great help in dif- 
fusing the image of a reasonable-quality black and white 
photograph. These inexpensive plastic overlays are 
available in graphic arts supply stores. They put tiny 
dots over the photo image that help diffuse it, making it 
much easier to copy a recognizable end product. The 
overlay is particularly useful for aerial photographs and 
photos of buildings. 


KMSGY HIOOX SSLOI 
96NMQ YCOGF WLJBZ { 
ORFMN LIKMZ 7U5EE 


KFZMM RLDOJ LDFRE 
18IKX WLHGF MNPR6 SGY HIOOX SSLOI WORXL 


8KMNB RFALK BV98H LIRNZ TUSEE ROQUN 


BEE Le BUYRC IKAOU NLNGe HNPRE Liwan 


PLMCG UHHHR 87652 RFALK BV98H GFDMO 
YHNZB MKINH UIL4T RRVFC XQOI1 LLKMB 
AXOMK KMJIT 5U90L MMONA UILAT DaKTO 


RFTYA JUIOL TVMZW SUsoL tvKew WYTHE 


Example of text reduction by a 
standard photocopy machine. 
! The text can still be readable, 
yet small enough to fit under- 
neath a postage stamp. 


FLMCG UNKNR 836 
NED HEINK UILET OBKTO 
ATONE RMGIT SUSOL 44FHK 
RFTTA SUIOL TYAEW HYTAR 
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Photocopy reduction of bulk text is not as effective as 
the improvised microfilm technique, but it is suitable as 
an expedient method. When using this approach it is 
important that the reduction process be followed with a 
test enlargement so that the sender is assured that the 
quality of the product is suitable for the receiver to 
enlarge and read. 
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6 @ GUERRILLA 
CRYPTOGRAPHY 


Communications security (COMSEC) is a serious 
aspect of covert communications. COMSEC entails every 
active measure to deny unauthorized access to communi- 
cations. It includes authentication procedures, physical 
security measures such as the use of drops, miniaturiza- 
tion of text, and cryptography. 

Cryptography is the art and science of communica- 
tions security. While covert operations require a secure 
means of transferring plain-text messages, there must 
also be built-in safety measures to defeat the OPFOR’s 
ability to understand the message should it intercept the 
message anyway. This chapter will focus on some easy- 
to-employ options for encoding or encrypting text. 

There is a difference between a code and a cryptogram. 
Both can be employed in underground communications, 
but the application of each is dependent on specific needs. 
A code is a prearranged group of symbols or characters that 
represents plain-text messages. It describes specific as- 
pects of the operation in a manner that denies the OPFOR 
access to the content of the message. Coding standardized 
or frequently used words, names, or messages contributes 
to brevity, security, and understanding. For example, a 
team member, opponent, or target can have a code name. 
A situation or a condition can have a code word. 
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Encryption is the random, unintelligible conversion 
ofa plain-text message. In an underground operation, the 
process of encryption must be fast, reliable, and secure. 
The coded product is termed a cryptogram. Although the 
term “code” has a different definition than “cryptogram,” 
the term “encoding” is generally meant to define the pro- 
cess of deceptively altering the content of a plain-text 
message by using a cipher system. 

There are two types of cipher systems used in mili- 
tary and intelligence operations. On-line cipher is an 
electronic method of encoding a message that is part of 
the transmission system. A voice scrambler, for example, 
is an on-line device. Off-line cipher isa method of 
encryption that can employ any number of transfer 
devices, including radio, visual, or wire. This section will 
cover off-line cipher techniques. 

Since the use of any code or cipher is somewhat 
incriminating, the first step in developing a text message 
COMSEC plan is to make the enciphered text appear to 
be quite normal. One means of doing so on an expedient 
level is known in tradecraft as document insertion. 


DOCUMENT INSERTION 


As is stressed throughout this book, all aspects of 
covert or underground communications should be de- 
signed to appear to be quite normal in content and pro- 
cess, The act of transfer should not betray itself. The act 
of encryption must follow the same rule. 

One important aspect of COMSEC is that the opera- 
tive should use a variety of means and methodologies to 
exchange information. This approach tends to further 
deny the OPFOR the capability to intercept and under- 
stand the message. Document insertion—placing an 
encoded message within the text of a normal document 
such as a newspaper, magazine, or book—is an age-old 
technique that employs several active measures in COM- 
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SEC and is probably the most secure expedient method of 
underground text-message transfers. 

For example, if the local library is used as a dead 
drop, the text message can be encoded with a one-time 
pad (more on this later) and the actual message inserted 
among the letters and characters on a specific page ina 
specific book. This multilevel approach is simple to 
employ and quite secure. 

The following techniques are useful in document 
insertion. 


Character Marking 

A sharp pencil can be used to carefully mark the 
desired characters on a printed page. “Pencil lead” is 
actually graphite. Although it has a dark gray image 
when pressed down on paper, it cannot be easily detect- 
ed over the black indelible ink of a printed book’s let- 
ters. However, when a marked page is held at an angle 
to fairly bright light (such as used for reading and com- 
mon in a library), the characteristic “shine” of the 
graphite markings on the characters is quite obvious to 
the naked eye. 

There are intrinsic security features to this approach. 
No physical security precautions need be taken for pos- 
session of an ordinary pencil, and once the receiver has 
copied the message, it can be erased. 

A black or blue pen can be used for character marking 
with fairly good results. The ink also tends to “shine” 
under light, although it cannot be erased as easily as pen- 
cil. Ink markings can be used for throwaway transfers 
using a newspaper or magazine. 

One unique and considerably secure tool for charac- 
ter marking is the ultraviolet (UV) pen. This is a marking 
pen used to invisibly mark property, such as stereos and 
televisions, for security purposes. Under an ordinary 
black-light bulb, the ink is quite pronounced. UV pens 
are available in many department stores and are often 
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given away free by police departments and community 
watch groups in the United States and Europe. 

Though somewhat elaborate, the most significant 
advantage of the UV pen is that it is considerably faster 
than the tedious method of slowly and carefully marking 
the text with a pencil or pen. The disadvantages of UV 
pen use are the obvious intent if caught marking text with 
one and the fact that the message cannot be erased from 
the page. 


Secret Writing 

The UV pen employs an age-old technique known as 
secret writing. Secret writing was used for centuries as a 
means of communications. A variety of substances have 
been used as invisible ink, from sophisticated chemical 
compounds to milk and even urine. The essential quali- 
ties of secret writing are that the message be inserted into 
an innocent document and the means of reading the mes- 
sage be reliable and secure. 

Secret writing is seldom used anymore because chem- 
ical analysis of paper is now fast and reliable. It has some 
use for POWs or prisoners, but again, it is not the wisest 
approach. It is normally employed only against the most 
naive or unsuspecting opposition. For example, in Nazi 
Germany the feared SS (Shutzstaffel) used secret writing 
on the back of paper ballots to determine how certain 
Nazi party members voted on various referenda. Or- 
dinary milk was used to number the back of each ballot. 
When dried milk is exposed to low heat, the markings 
turn brown and show up easily. The marked ballots were 
simply run across the heat of a candle or hot plate, and 
the numbers were easy to distinguish. 


Pin-Puncture Marking 

Other more innocuous measures of low-profile docu- 
ment insertion are simpler and much less suspicious, 
simply because there is no need for special “invisible 
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ink” pens or processing materials. It is impossible to 
overemphasize the inherent risks of having any type of 
“spy paraphernalia” in your possession. 

Probably the fastest method of reliable text marking is 
an ordinary straight pin or needle. The letters are marked 
with the pin point by carefully puncturing each character. 
Close scrutiny of the text will not reveal the message until 
it is held up to light. The pin puncture technique can be 
employed with newspapers, magazines, or any publica- 
tion that can be burned easily after use. Because their “uni- 
versal” nature makes their possession and use quite nor- 
mal, a good choice is those free entertainment or TV-ori- 
ented pulp publications or independent newspapers that 
generate revenues through advertising. They are given 
away at newsstands and in grocery stores in most cities. 

Document insertion can be used for SITREPS, command 
instructions, and warning orders, which are usually brief 
yet must be kept secure. Document insertion lends itself to 
dead drop and brush pass techniques quite well. 


Typewriter “Lift-Off’ Messages 

A more advanced method of document insertion 
involves a correcting electronic typewriter. These type- 
writers have a “lift-off” correction ribbon in addition to 
the ordinary print ribbon. Many typewriters that have 
this feature also have full-line correction, meaning you 
can push one button or key and remove the word you just 
typed or any word typed on the current line. Full-line 
correction has an unusual characteristic that can be 
employed in document insertion. 

The correction ribbon makes an impact on the page 
that cannot be erased. In fact, it is easier to erase the black 
typed image than it is to remove the white correction 
image. If you type a line on a typewriter with the lift-off 
ribbon and then use the full-line correction feature to lift 
off the entire line, it is still readable under good light (if 
nothing else is placed over it). By typing a “normal” dou- 
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ble-spaced letter and inserting your encrypted text every 
other line between the visible text, you have a fairly 
secure means of message transfer. To increase security, 
you can type your hidden message in this fashion on the 
back of the page of “normal” text. 

This approach can also be used with illustrations, 
although your text must “work around” the black lines of 
the artwork, since the correction ribbon will white them 
out. Another useful method of employing the correction 
feature is to take an ordinary envelope apart and type the 
message on the inside. Reassemble the envelope, put 
your “normal” message inside, and send it. 


Overlay Technique 

Probably the most secure means of document 
insertion is known as the overlay technique. The over- 
lay technique employs a separate sheet of paper with 
holes or markings on it that allow the operative to 
decode the actual text message. For instance, a page of 
an article, book, or letter is used as the medium. The 
operative has in his possession a sheet of paper that 
has holes punched through it with a paper punch. 
When the paper is placed over the page, the other let- 
ters in the text are covered and only the actual message 
can be read. 

For 8 1/2 x 11 pages, the hole punch process can be 
duplicated with an ordinary pin. For example, the opera- 
tive sends a multipage document to the receiver. One of 
the pages has pinholes in it. When the holes are punched 
through, one or more predetermined pages contain the 
desired message. 

Physical security is important with the overlay 
technique. Possession of an unmarked piece of paper 
with holes punched in it is very incriminating. For cer- 
tain applications, however, this method of document 
insertion is extremely secure and may be worth the 
risk. As seen, the size of the holes in the paper can be 
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quite small—the actual characters don’t have to be leg- 
ible so much as the holes have to be big enough to 
locate reliably. 


IMPROVISED ONE-TIME PAD 


Although covertly arranging the need to conduct a 
message transfer, establishing a method of exchanging 
the traffic, and inserting the message in an ordinary doc- 
ument all contribute to a high degree of COMSEC, the 
above methods of tradecraft are intended more to protect 
the physical security of the transfer and the identity of 
the operatives than to actually keep the content of the 
message secure from the enemy. What is needed at this 
point is a means of completely encoding the plain-text 
message such that it is extremely difficult for the OPFOR 
to decode. 

No code is “unbreakable.” Modern supercomputers 
can analyze and study literally every possible combina- 
tion available in an encrypted message and determine 
every possible message. This is no easy task. For instance, 
if one word in an encoded message has five characters in 
it, the computer system must use several means of 
“attacking” this “word.” The obvious way may appear to 
be by simply using its memory and speed to create a list 
of all five-letter words. 

There are several flaws in this seldom-used ap- 
proach. First of all, the computer does not know if the 
five encoded characters are indeed a “word” at all. 
They may be an abbreviation, a transposed number, or 
a word from a different language. Second, since there 
are twenty-six characters in the English language, to 
create a list of all combinations of five characters 
would require a tremendous amount of memory and 
time. The number of possible words that can be created 
out of a five-character group can be determined by 
using the following formula: 
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A= NUMBER OF POSSIBLE CHARACTERS (26) 
B= NUMBER OF CHARACTERS IN WORD (5) 
C=TOTAL NUMBER OF POSSIBLE COMBINATIONS 


FORMULA C = AB 
OR C=269 (26x26 x 26 x 26 x 26) 
OR C=11,881,376 possible combinations 


Of course, there are not anywhere near 11.8 million 
five-letter words in the English language or, for that mat- 
ter, any language. 

The computer could quickly scan through this huge 
list of combinations and select only those combinations 
that were words in the language in question. The prob- 
lem would be that the operator would then have a list of 
every possible word that the five-letter combination 
could be, yet still be nowhere near knowing which one. 

The supercomputer can take a five-character group 
and analyze it using other criteria. The word must have at 
least one vowel, for instance. The “context” and location 
of the group can be considered. Although this approach 
sounds beyond the capacity of even a huge computer, it is 
done. The characters in each group are first analyzed by 
themselves and then as part of the whole message. Then 
the computer can make sentences and even paragraphs 
out of all of these encoded “words” and eventually come 
up with a manageable number of possible messages from 
the encoded text. 

The point is that a supercomputer’s memory can easi- 
ly process hundreds of millions of random character 
combinations at once without human participation or 
error. Within seconds, this system can take a 200-word 
message and come up with a limited number of possible 
meanings for the encrypted text. The actual task for the 
cryptoanalysis computer is to come up with the key to the 
code. Once it has determined the content of the message, 
the computer can inform the operator what the actual key 
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is. It can also define the likely means by which the key 
was created. 

In order for the covert operator to effectively approach 
the threat of an encrypted message being decoded, it is 
vital that he understand that 100-percent security is 
impossible. The success of any code is limited to the capa- 
bilities of the operatives, the time available, and the poten- 
tial threat. A high-risk operation that is considered an 
active threat to U.S. national security can expect to have 
no reliable cryptosecurity because the degree of sophisti- 
cation employed by the opposition to break the code will 
probably always succeed. 

For less sensitive and dangerous activities, there is a 
means of encrypting plain-text messages that will severe- 
ly task even the most determined cryptoanalysis team. 
This approach is termed the randomly generated one- 
time cryptosystem. 

The most secure means of using a specific code key is 
to use the code only once. This means that every message 
exchanged between two parties must use an encryption 
method that changes daily, hourly, or on a per-message 
sequence. On-line encryption devices are designed to 
constantly change the characters of a plain-text message 
in sync with all other such devices in the “net.” The 
underground off-line system must accomplish the same 
thing. A one-time cryptosystem that randomly changes 
the content of each message in a manageable form by con- 
stantly altering each character is extremely difficult to 
defeat yet quite simple to employ. The method most prac- 
tical for this approach is the one-time pad. 

A one-time pad is a small booklet of sequentially 
numbered sheets containing a randomly selected code 
key for each character and number in the language used. 
(This section will focus on the English language, but the 
approach can be employed with any other language just 
as easily.) When the operative wishes to transmit a text 
message, he writes the entire message on a piece of paper, 
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leaving space between each line for the code characters. 
Once the message is written out, the operative takes out 
the one-time pad and tears off the top sheet. He uses this 
code key to transpose the message into the encrypted 
form. Once finished, he destroys the one-time pad sheet 
by burning the page completely, stirring the ashes, and 
disposing of them carefully. 

Possession of a one-time pad is extremely incrimi- 
nating. An operative who is caught with one is general- 
ly in no position to disclaim a variety of charges. For 
this reason the physical security of the pad is critical. 
One approach is to make the pad as small as possible. 
This is quite easy. With twenty-six letters and ten 
numerals to consider in a typical message, the opera- 
tive can make a one-time pad sheet the size of half a 
matchbook with no special tools or equipment. For 
example, here is the key sheet and code sheet for a one- 
time pad made on an ordinary typewriter using the 
twelve pitch setting: 


Key sheet: Code sheet: 
ABCDEFGHI V8P 14MKRC 
JKLMNOPQR 3YFTBAG6OW 
STUVWXYZ1 DLJGE5ZQH 
234567890 NOL9X2SU7 


PLAIN TEXT = NEED FUNDS WIRED TO AGENT NS 
CODED TEXT = B44I MJBID ECW4I LA VK4BL B9 


Although the small size of the one-time pad is illus- 
trated above, in actual use there are a couple of other 
considerations. This one-time pad is only a little bigger 
than the average postage stamp and is quite easy to 
conceal. You can easily create seventy code sheets ona 
single sheet of 8 1/2 x 11 paper. As long as you run it 
off on a copy machine (for the receiver), cut out each 
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small sheet, and attach them in sequential order of, say, 
seven sheets each, there is no need for you to sequen- 
tially number the individual sheets. Each tiny seven- 
page one-time pad can fit easily behind the matches in 
a matchbook. 

Keeping the one-time pad small in sheet count is 
useful from an operational security and concealment 
standpoint. If each agent only has seven sheets in his 
possession, he can usually operate from one week to 
several months without requiring a replacement, 
depending on the number of messages he sends or 
receives. 

The use of the one-time pad must also be carefully 
considered from a practical standpoint. Even though the 
message in the example cited above—NEED FUNDS 
WIRED TO AGENT N5—is encoded, it is actually rela- 
tively easy to break. The standard practices of cryptoanal- 
ysis would recognize three aspects of this encoded mes- 
sage—word content, word size, and word format—and 
break it within minutes. 

Codebreakers would recognize that the six-word mes- 
sage has the character 4 in it four times; it is the character 
most often used in the encoded message. The most com- 
mon letter in the English language happens to be the let- 
ter E, and 4 does, in fact, represent the letter E. 

The fourth and fifth words in the message are only 
two characters long. There is a limited number of two- 
letter words in the English language. If the cryptoanal- 
ysis expert recognizes the format of this message as a 
sentence, he will probably deduce the fourth word as 
“to.” After deducing the first word as “need” based on 
E being present twice, whatever is “NEED”ed has got to 
be described, and how and who to send it “TO” might 
also be included in order for the sentence to make 
sense. 

To enhance the security of the one-time pad, a stan- 
dardized means of creating text messages that will 
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defeat the cryptoanalysis process of recognizing word 
content, size, and format is required. This can be par- 
tially accomplished by using groups of uniform size. 
For instance, the message NEED FUNDS WIRED TO 
AGENT N5b can be written as NEEDF UNDSW IREDT 
OAGEN TNS. The last group is given two extra Qs to 
keep the group size uniform. Thus you have the fol- 
lowing: 


PLAIN TEXT: NEEDF UNDSW IREDT OAGEN TN5QQ 
CODED TEXT: B44IM JBIDE CW4IL AVK4B LB900 


This approach not only makes the codebreaker unable 
to employ format and word size analysis, but the addi- 
tion of two random characters at the end of group five 
will also affect his ability to employ word content analy- 
sis to a degree. 

Another practical consideration in even a small 
covert op is the need for the recipient to verify that he is 
using the correct one-time pad to encode and decode the 
traffic. In the coded message there should be one word 
group that identifies the pad used to send the traffic. This 
can be as simple as numbering each pad and sending that 
number encoded as the first word in any message, or by 
taking a certain section of the pad itself and sending that 
sequence of characters as the first (or last) group in the 
message. 

For instance, in our example, the last five characters 
in the bottom column of the code are X2SU7. This can 
serve as the code group identifier, which confirms to the 
receiver of the message that this specific one-time pad 
has been used . . . and also has now been destroyed. 

To create a one-time pad, simply write the entire 
alphabet and all ten numerals two times in two separate 
columns. Cross off the characters in the second (code- 
key) column as you randomly assign them to the charac- 
ters in the first (plain-text) column. The sheet will look 
something like this: 
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SP4deR 
CCMRVounn one 
oeoKruoanwn K 


NX XESS CHUPMPOVOZErA~HDMOADMIOWD 
NX ME <MHOYKoOvOZZ HAMMAN vOWD 


Although you may feel confident in your ability to 
create a random one-time pad using this technique, after 
making several dozen you probably will see certain iden- 
tifiable trends in your character assignments. Certain 
characters will tend to have only two or three character 
codes assigned to them every time. This process is diffi- 
cult to explain; the human mind simply is not very good 
at creating random letters or numbers. This characteristic 
keeps the one-time pad from being a randomly generated 
one-time cryptosystem. Therefore, when assigning char- 
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acters, get in the habit of starting from various points in 
the columns. This helps your mind keep the system more 
random in nature, making it more difficult for the opposi- 
tion to recognize any trends in your creation. 

As a practical exercise, make a starter sheet as shown 
above and run off twenty copies on a copier. Then 
attempt to randomly assign a code-key character to each 
plain-text character on every sheet. Unless you start at 
different points (and for many people, even if you do start 
at different points), you will recognize the above phe- 
nomenon. If you are able to identify any pattern in char- 
acter assignment, then a crytoanalyst should be able to do 
so too, and any cryptosecurity computer system certainly 
will be able to. Although this point sounds minor, it is 
worthy of careful consideration as you create your one- 
time pad. Don’t overestimate your abilities or underesti- 
mate those of your opposition. 


Computer Generation of One-Time Cryptosystems 

Operatives who own or have access to a personal 
computer (PC) may want to experiment with creating a 
random series of alphanumeric characters. Although this 
approach sounds like it might be the ideal means of creat- 
ing an unlimited number of secure one-time pads, there 
are some severe technical limitations to a personal com- 
puter that may not make this approach practical. 

In most computer languages there is, in fact, a com- 
mand for the random generation of a number or character. 
(In BASIC, this command is usually RND.) But this com- 
mand only appears to generate a random string of charac- 
ters. The PC can be instructed to create a list of all twenty- 
six letters and ten numerals in a “random” sequence with- 
out duplicating any character in the string. The problem 
is that if you run the program again on the same machine 
or even on a duplicate computer, it will generate the exact 
same sequence of characters more than 90 percent of the 
time. This translates out as a very unreliable approach to 
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random character generation because if it can be duplicat- 
ed, acryptoanalysis computer will recognize the pattern, 
know that the source for the one-time pad was a comput- 
er, and immediately break the code. 

No personal computer is capable of creating a truly 
unpredictable random list of characters. The reason for 
this is not so obvious. Essentially, a computer has a clock 
circuit feeding into the actual brain of the microproces- 
sor, the Central Processing Unit (CPU). The clock controls 
the speed and sequence of data as it passes through the 
CPU while being processed in the form of binary bits of 
data. When a BASIC programmable computer (such as 
the IBM PC and compatibles, the Apple, and most others) 
receives an RND code, the machine “selects” a character 
based on a predetermined and generally hardwired math- 
ematical formula. Although the resulting character string 
may appear to be generated randomly, it is actually quite 
predictable in process. If a computer process is pre- 
dictable, then it can be duplicated by another more pow- 
erful computer, which in this case means that it generates 
a breakable code. 

There is another way to computer generate a pseudo- 
random string of characters that may have some merit. 
Most PCs employ a Disc Operating System (DOS) that 
accepts its own series of commands. The standard system 
on the IBM PC is the Microsoft disc operating system, 
known as MS/DOS. In MS/DOS BASIC, the command 
RANDOMIZE instructs the CPU to execute a random 
selection based on a number that the operator is prompt- 
ed to enter. This number is used by the system to generate 
the random string. 

The PC has an internal time clock that keeps track of 
days, hours, minutes, seconds, and hundredths of sec- 
onds. Accessing this clock in the CPU requires the 
MS/DOS command TIMES. If the machine is instructed 
to create a random selection based on the current time, it 
will create a list of characters by constantly updating the 
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actual time on its internal clock, which changes one hun- 
dred times per second. The RANDOMIZE TIME$ com- 
mand is perhaps the most workable selection criteria for 
a one-time pad. (In ordinary BASIC, the TIME function 
command variable is TI$.) 

The problem with this approach is that the character 
string generated will have certain patterns identifiable by a 
more advanced computer, such as the CRAY II at the 
National Security Agency (NSA). If the CRAY II detects or 
suspects that random generation took place on a PC system, 
its huge memory and high-speed clock will eventually 
determine the initial TIME$ variable used to generate the 
first string and every subsequent string. Once the initial 
TIMES variable is determined, it can be entered into a simi- 
lar format MS/DOS PC system and the “random” character 
string will be duplicated. Although the OPFOR would be 
required to go to elaborate means and utilize advanced 
computer cryptoanalysis to break this code, it could be 
done. The point here is that true random generation is actu- 
ally beyond the means of current PC technology. 

As should be obvious, the ability to create a random 
group of characters in a random order is fairly easy for the 
human mind to do on a somewhat unpredictable basis. 
With practice, this work can be done by the brain much 
better than most computers. 

Although random selection is generally beyond the 
capabilities of the ordinary PC, it is one of the basic char- 
acteristics of a recent technology known as artificial intel- 
ligence, or AI. Al is the process where a computer system 
can perform such abstract tasks as “creative decision 
making” and “learning” somewhat emotionally based 
concepts such as morality. Random selection in an AI 
system relies on a series of complex mathematical formu- 
las that provide the computer with factors that are similar 
to the human thought process. 

Essentially, a random character string generated by a 
computer with AI architecture and software is made by 
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random generation of a mathematical formula, which is 
then used to randomly generate a character. The process 
continues with different formulas for each character and 
each string of characters. Because of the nature of the pro- 
cess, the system cannot duplicate character strings. Un- 
fortunately, an AI computer system is currently beyond 
the realm of the typical underground operative. 

The most significant advantage of computer genera- 
tion of a one-time pad is speed. With practice, manual 
one-time pad generation can be accomplished in about 
five minutes, including transcribe time. Yet a high vol- 
ume of one-time pads may be required as an integral part 
of a particular communications plan. To manually create 
alist of seventy different one-time pads would take about 
six hours plus the time required to process and package 
them. This time estimate may be quite conservative, how- 
ever, as many people would have a great deal of trouble 
making up seventy completely different one-time pads. 

Because of the inherent difficulties and time-inten- 
sive nature of random one-time pad generation, the 
author decided to locate someone who could take into 
account the known vulnerabilities of the IBM PC and 
somehow develop a simple program that would quickly 
generate a large number of different one-time pads. 

The computer software development community is 
made up of professional analysts and college-educated spe- 
cialists, as well as an impressive number of gifted “ama- 
teurs.” Some of these amateurs are known as hackers, a 
somewhat clandestine and close-knit community of intro- 
verted and often nonsocial types who are suspicious of 
writers or anyone else who want to know about their skills. 

After checking a variety of computer bulletin boards 
and private networks around Northern California’s Sili- 
con Valley as well as in the metro Washington, D.C., area, 
a uniquely qualified expert on the subject was located 
and found to be cooperative. 

Kenneth W. Balch is a former air force intercept ana- 


Guerrilla Cryptography * 69 


lyst who has been employed at a variety of National 
Security Agency (NSA) radio intercept posts worldwide. 
His job was to intercept and analyze coded continuous 
wave (CW, or Morse code) traffic generated from unknown 
sources around the world and attempt to identify its con- 
tent. Monitoring radio Morse code traffic sent manually 
and by computer for several years, Balch developed a 
unique insight into the clandestine exchange of message 
traffic. (He now is a private consultant to large companies, 
providing turn-key software systems, computer security 
advice, and data processing integration services.) 

After several interviews and informal discussions 
about the technical problem of making a PC act “random- 
ly,” Balch sat down at his keyboard and developed a pro- 
gram with some unique characteristics. The program uses 
a multilevel random-generation formula to create a math- 
ematical command that the computer employs to create a 
mathematically random character string. It was a chal- 
lenge that Balch spent many admittedly enjoyable hours 
“playing” with. 

Knowing that his one-time pad program could be 
attacked and defeated by an advanced cryptocomputer 
system such as the CRAY II caused Balch to smile. He 
stated that the capabilities of the CRAY II were not to be 
underestimated, but if nothing else, he could make the 
CRAY II work very hard for a long time in order to identi- 
fy any trends in a one-time pad that his program could 
generate in about five seconds. 

The Balch program uses the TIME$ command in an 
unusual manner. In order for the computer to come up 
with a number, the operator enters in a specific time— 
such as the current hours, minutes, and seconds (or any 
time, for that matter)—in twenty-four-hour time. The pro- 
gram adds the hours to the minutes and then multiplies 
this figure by the seconds of the running time clock in the 
PC, This calculation changes every second and makes the 
computer recognize any one of 3,504 individual numbers 
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at any given second in time. This number is then used as 
the basis to RANDOMIZE the ten numbers and twenty-six 
English-language letters. Each character is selected one at 
a time using this multirandom process until all thirty-six 
are accounted for by the computer, at which time they are 
printed out in a matrix of nine characters by four rows, to 
be used in a one-time pad the size of a postage stamp. 

The total time that this process takes on an IBM PC 
with BASIC MS/DOS is just under five seconds. Seventy 
completely different one-time pads can be created in 
about six minutes. 

After subjecting the program to several thousand runs 
of one-time pad generations and then feeding them into a 
“trend analysis” software program, it was determined 
that there were no identifiable characteristics between 
any of the pads generated. Balch’s program was capable 
of advanced mathematical text generation that was virtu- 
ally impossible to duplicate. 

A larger IBM system was given an opportunity to ana- 
lyze this program and its results, and instructed to calcu- 
late the actual mathematical odds of another computer 
being able to duplicate just one pad. The chances for this 
happening were 170,141,200,000,000,000,000,000,000, 
000,000,000,000 to 1. 

The following pages contain the Balch program. He 
has designed three different programs for the reader to 
use. Program 1 is the actual one-time pad program. 
Program II is a way for the operative to computer generate 
a one-time pad and then simply enter in the message for 
an automated process of encryption. Program III takes a 
specific one-time pad and decodes it from encrypted text 
back to plain text. 

10 REM Random Generated One-Time Cryptosystem 

20 REM Written by: Kenneth W. Balch 

30 REM Copyright (C) April 1990 

40 REM 

50 DIMUSED(100) 
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60 INPUT “How many one-time pads do you want?”;NUMB 

70 FORRETRY=1 TO NUMB 

80 COL=1 

/ 90 FORA=1TO90 

100 LET USED(A)=0 

110 NEXT A 

120 LET B=VAL(MIDS(TIMES,1,2)) 

130 LET C=VAL(MIDS(TIMES,4,2)) 

140 LET D=VAL(MIDS(TIMES,8,2)) 

150 LETE=(B+C)*D 

160 RANDOMIZEE 

170 X=INT(RND(0)*90)+1 

180 _ IF (X<65 OR X>90) AND (X<48 OR X>57) 
THEN GOTO 120 

190 IF USED(X)=1 GOTO 120 

200 LET USED(X)=1 

210 LPRINT CHRS(X); 

220 COL=COL+1 

230 IF COL=10 THEN COL=1:LPRINT 

240 DONE=0 

250 FORA=1TO90 

260 IF USED(A)=1 THEN DONE=DONE+1 

270 NEXTA 

280 IF DONE=36 THEN 300 

290 GOTO 120 

300 LPRINT:LPRINT 

310 NEXT RETRY 

320 END 


8MCG50ZV7 
JEX1KBNPF 
23WHQSRT4 
OLYUAQJD6 
OOADX4R9Q 
ZPSBUKJIE 
FN16W2GT7 
VLMH3CBY5 
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REM Random Generated One-Time Cryptosystem 
REM Written by: Kenneth W. Balch 

REM Copyright (C) April 1990 

REM 

REM The difference between this program 
REM and the other is this one 

REM will allow you to type your message directly in the 
REM keyboard and 

REM will print your message in encrypted form using the 
REM cryptosystem 

REM created by the computer. 

KEY OFF 

CLS 

DIM USED(100) 

DIM CYPS(100) 

REM F=1 

COL=1 

FOR A=1 TO 90 

LET USED(A)=0 

NEXT A 

LET B=VAL(MIDS(TIMES,1,2)) 

LET C=VAL(MIDS(TIMES,4,2)) 

LET D=VAL(MIDS(TIMES,8,2)) 

LET E=(B+C)*D 

RANDOMIZE E 

X=INT(RND(0)*90)+1 

IF (X<65 OR X>90) AND (X<48 OR X>57) 
THEN GOTO 180 

IF USED(X)=1 GOTO 180 

LET USED(X)=1 

LPRINT CHRS(X); 

F=F+1 

CYPS(F)=CHRS(X) 

COL=COL+1 

IF COL=10 THEN COL=1:LPRINT 
DONE=0 

FOR A=1 TO 90 
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ao 340 IF USED(A)=1 THEN DONE=DONE+1 

350 NEXTA 

360 IF DONE=36 THEN 380 

370 GOTO 180 

380 PRINT “Enter your message and I will encrypt it 
using this one-time pad.” 

390 PRINT “Press | to end (Shift \). 


400 KEYED$=””" 

410 WHILE KEYED$=”"": KEYED$=INKEY$:WEND 
420 |” THEN GOTO 830 

430 ” THEN KEYED=1 


490 THEN KEYED=7 
500 "H” THEN KEYED=8 
510 1” THEN KEYED=9 
520 

530 

540 

550 

560 'N” THEN KEYED=14 
570 ” THEN KEYED=15 
580 'P” THEN KEYED=16 
590 '(Q” THEN KEYED=17 


600 IF KEYED$="R” THEN KEYED=18 
610 IF KEYED$="S” THEN KEYED=19 
620. IF KEYED$="T” THEN KEYED=20 
630 IF KEYED$="U” THEN KEYED=21 


650 IF KEYED$="W” THEN KEYED=23 
660 IF KEYED$=”"X" THEN KEYED=24 
670 IF KEYED$="Y" THEN KEYED=25 
680 'Z” THEN KEYED=26 
690 '0” THEN KEYED=27 
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700 IF KEYED$="1” THEN KEYED=28 
710 IF KEYEDS="2” THEN KEYED=29 
720 IF KEYEDS$="3” THEN KEYED=30 
730 IF KEYEDS="4” THEN KEYED=31 
740 IF KEYEDS="5” THEN KEYED=32 
750 IF KEYEDS="6” THEN KEYED=33 
760 IF KEYEDS="7" THEN KEYED=34 
770 IF KEYEDS="8” THEN KEYED=35 
780 IF KEYEDS="9” THEN KEYED=36 
790 IF ASC(KEYEDS)=13 THEN LPRINT:GOTO 400 
800 IF KEYEDS=" “ THEN LPRINT” “;:GOTO 400 
810  LPRINT CYPS(KEYED); 
820 GOTO 400 
830 — PRINT:PRINT:PRINT “Program end. One-time pad 
erased from memory.” 
840 CLEAR 
850 END 
BW2MQ14IF 
G7NXU3TA5 
6HDYZROKP 
SCOV9BEJL 


U3Z F6 HIQ HFXQ 135 BNN 433M 250TH36 H3 23XQ H3 HIQ BFM 
31 HIQF5 6O6HQX6 
HIF6 Fé B HQ6H 


10 
20 
30 
35 
36 
37 
38 
39 
40 


REM One-Time Pad Decoder 

REM Written by: Kenneth W. Balch 

REM Copyright (C) April 1990 

REM This program will DECODE messages generated 
REM using a one-time pad or 

REM using the Random Generated One-Time 

REM Cryptosystem programs. 

REM When the computer asks for a letter, 

REM look up the letter on your one- 
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41 REMtime pad and enter the letter that should be there. 
42 ie.ifBis 
43 REMan encoded A, when the computer asks for B 
44 you would type A. 
45 KEY OFF:CLS 
50 DIMCyPs(50) 
60 KEYED=0 
70 PRINT “Enter letter for CODE letter . . .” 
80 FORRETRY=1TO 26 
90 PRINT “Letter “;CHRS(RETRY+64); 
100 INPUTCYPS(RETRY) 
110 NEXTRETRY 
120 FORRETRY=27 TO 36 
130 PRINT “Number “;CHRS(RETRY+21); 
140 INPUTCYPS(RETRY) 
150 NEXTRETRY 
160 CLS 
170 PRINT “Enter coded message and I will decode it for you.” 
180 PRINT “Press | to end. (Shift \)” 
190 KEYEDS=”"”" 


250 'D” THEN KEYED=4 
260 IF KEYED$="E” THEN KEYED=5 
270 ~=— IF KEYEDS="F” THEN KEYED=6 
280 IF KEYED$="G” THEN KEYED=7 
290 IF KEYED$=”"H” THEN KEYED=8 


340 
350 
360 IF KEYEDS=”"0” THEN KEYED=15 
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370 IF KEYED$=”"P” THEN KEYED=16 
380 IF KEYED$=”Q” THEN KEYED=17 
390 IF KEYED$="R” THEN KEYED=18 
400 IF KEYED$=”"S” THEN KEYED=19 
410 IF KEYED$="T” THEN KEYED=20 
420 IF KEYED$="U” THEN KEYED=21 
430 IF KEYED$="V” THEN KEYED=22 
440 IF KEYED$="W” THEN KEYED=23 
450 IF KEYED$="X” THEN KEYED=24 
"Y” THEN KEYED=25 


7” THEN KEYED=34 
560 IF KEYED$="8” THEN KEYED=35 


580 IF ASC(KEYED$)=13 THEN LPRINT:GOTO 190 
590 IF KEYED$=” “ THEN LPRINT” “;:;GOTO 190 
600 LPRINTCYPS(KEYED); 
610 GOTO 190 
620 PRINT:PRINT:PRINT “Program end. One-time pad 
erased from memory.” 
630 CLEAR 
640 END 
NOWIS THE TIME FOR ALL GOOD CRYPTOS TO COME TO THE 
AID OF THEIR SYSTEMS 
THIS IS A TEST 


The one-time pads developed thus far in this chapter 
essentially are substitution ciphers. But this is only the 
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beginning. Once the operator has developed the capacity 
to create a string of random characters, additional work 
can be done to the one-time pad to further enhance basic 
COMSEC. The highest degree of security in one-time 
cryptosystem application is achieved through the use of 
noncarrying addition. 

The Soviets generally are credited with the effective 
use of one-time pads that employ a series of numbers ina 
group format as the basis for the key. 

For instance, a string of five numerical groups— 
45682 98713 62987 53672 71632—is the one-time pad. 
Characters of the alphabet are assigned a numerical 
value, and each group has the numerical value of each 
character in the message added to it. This becomes the 
encoded group. 

The receiver of the message simply subtracts the five 
character group from the one-time pad group and gets the 
numerical value of each character. For example: 


45683 98715 62980 53676 71637 CODED MESSAGE 
RECEIVED 


-45682 98713 62987 53672 71632 ORIGINAL ONE-TIME 
PAD SUBTRACTION 


it 2 3 4 5 ORA,B,C,D,ANDE 


In this application, one message character requires 
five encoded characters. This does enhance security; 
however, it obviously makes text messages 500 percent 
larger in bulk. 

If messages must be sent quickly and securely and are 
short in duration, then this approach has much merit. Ifa 
message is longer and if it is a command message that 
must be executed immediately, this approach may be too 
slow. Of course, home-developed software that stores a 
large number of one-time pads in memory and automati- 
cally performs the arithmetic for each group, decodes the 
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text, and assembles or sends the same can make this 
approach fast, accurate, and probably the most secure 
system available. 

Again, noncarrying addition is an important part of 
this approach. If the reader still is not familiar with this 
concept, here is an example: 


56789 IS THE ONE-TIME PAD GROUP. 
+26 FORTHECHARACTER “Z” IS ADDED, 
BUT THE SUM IS NOT CARRIED. 


56705 1S THEENCODED TEXT, AND WHEN ONE-TIME GROUP 
56789 IS SUBTRACTED FROM THIS: 


26 THE RESULT IS NOT CARRIED OVER TO EACH 
COLUMN, AND TEXT IS DECODED. 


The most significant drawbacks of employing the 
one-time pad are as follows: 

1. OPERATIVE TRAINING. The entire cell must be 
versed in using the one-time pad without error. Storage 
and transportation of the pad to avoid detection and 
proper destruction procedures must also be stressed to 
each participant. 

2, PHYSICAL SECURITY. Regardless of the level of 
training or the diligence of the operatives, unpredictable 
factors may allow the one-time pad to fall into the 
OPFOR’s hands. If this occurs, it generally means that a 
cell member has been captured, and the other team ele- 
ments may or may not be aware of it. This also means that 
all message traffic using the captured one-time pad that is 
intercepted will be decoded immediately, and anyone 
caught using that code will be incriminated and tied in 
with the person originally captured with the pad. 

3. IDENTIFIABLE CHARACTERISTICS. If the OPFOR 
is able to intercept a number of encoded messages gener- 
ated from a one-time pad, the fact that it is being 
employed will be established quickly by the computer 
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used for cryptoanalysis. As discussed earlier in this chap- 
ter, the computer is a competent codebreaker. It may not 
be able to break a particular code, but if it is given enough 
messages it can easily identify the “signature” of a one- 
time pad. Once this is determined, the computer can then 
be tasked in dissecting the message with a new set of cri- 
teria. It may or may not be successful, but the characteris- 
tics of the message will be clearly identified within a 
period of time. 

The problem with one-time pads essentially boils 
down to the fact that the operative must possess a small 
but incriminating piece of evidence in order to protect 
his communications from being detected. There is, how- 
ever, an alternative. 


BOOK CODE 


Book code is a system that employs a key to specific 
word locations in a common book. A book code message 
will contain several groups that each describe a specific 
page number, column, and line number in a book. For 
example, the code group 36819 could be decoded to 
mean that the word in the message is on page 368, col- 
umn 1, word 9 from the top of the page. Book code is fair- 
ly secure and very easy to use. It is not as secure as a one- 
time pad, but the two concepts can be combined to create 
a means of encryption that is more secure than either 
approach. 

Each operative is issued a copy of the same book, 
which will become the cell’s one-time pad by using the 
following technique. This approach is limited to the let- 
ters of the alphabet. 

By making a double-column list of all twenty-six 
characters as was done in creating a random one-time pad 
(see page 65), each operative makes his own pad as need- 
ed by using the characters in the book as the source for 
the random generation of characters. For instance, on 
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page 1 of the Bible, the first paragraph starts out with, IN 
THE BEGINNING GOD CREATED THE HEAVEN AND 
THE EARTH. The operative uses the letters of this docu- 
ment to create his pad. Letters are crossed off the list as 
they are used, and reoccurring letters in the text are 
passed over. For example: 


IN THE BEGINNING GOD CREATED THE HEAVEN AND THE EARTH 
ABCDEF G HI JK L M 


As you can see from the above example, half the alpha- 
bet is already transposed using this sentence. One printed 
page of just about any book will contain all the letters of 
the alphabet except perhaps the letters Q, X, and Z. These 
characters can be prearranged to represent themselves. 
The ten numerals are not likely to be encountered in a nor- 
mal book, but they can always be written out in text. 

Book code is significant for two reasons. First of all, it 
eliminates the need to possess an incriminating one-time 
pad. Everyone makes his own as needed, and as long as 
everyone has the same book and a means of identifying 
the specific location used to create the pad, the security 
of the entire system is greatly enhanced. Also, since the 
random generation of the characters comes from a print- 
ed book, the trends of the code key group can not be iden- 
tified by detailed computer analysis. 


GRID CODE 


As a communications planner, it is important to con- 
sider different codes and formats for each cell. In fact, it 
is often essential for the cell commanders to create their 
own method of encryption known and accessible only to 
the members of that specific cell. Additionally, each cell 
member may need to have an individual code system 
designed specifically for him or her. 

Grid code was designed by the author to meet the 
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needs of a small, closely structured cell. It is simple to 
use and quick to teach. It has a highly random nature and 
is easily amenable to brevity codes and even the TAC- 
OPS code that will be discussed later in this chapter. 
Basically, grid code inserts a message into text among 
many other characters. It can be as simple or as complex 
as needed. The basic premise of grid code is that the actu- 
al message text is at a prearranged location 
somewhere in the copy. For 
example, the message 
in the illus- 


Taking 

the first letter 

from each word, the mes- 

sage becomes: DELTA OPS BEGIN 

FRIDAY GET WEAPONS AND CASH CON- 

FIRM AT DROP GOLF CARLOS. This handwritten 

note can be crumpled and “tossed” at the drop site or sent through the mail. 

It should look as if the recipient simply read it and threw it away. It is not very 

secure, but variations can be used for quick messages, backups, and as a 
means of communications between POWs. 
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tration employs a crude form of document insertion. It is 
not superpractical nor particularly secure—it is for exam- 
ple purposes only. 

As you can see, the handwritten note is innocuous and 
seems to be fairly straightforward. In actuality, the mes- 
sage text is taken from the first character of each word. 
POWs employed this simple technique during the 
American Civil War. It has minimal application today 
except in instances where it is part of a more elaborate cod- 
ing system. The basic premise, however, can be adapted. 

Essentially, grid code is a somewhat complex varia- 
tion of document insertion. When generated, grid code 
appears to be a random-group message of unintelligible 
text generated from a one-time pad. There is a high degree 
of random character generation in grid code, but no one- 
time pad is needed. 

The most significant advantage of this code is that 
it requires no paraphernalia to either send or receive 
the encoded message. No tiny one-time pads to deal 
with, no calculator to decode numerical sequences, 
and no invisible ink pens or “secret decoder rings” are 
required. It is also user specific. A commander can 
send a grid code message to a specific individual, and 
even if others in the cell are knowledgeable about the 
grid code format, only the designated receiver can 
decode the message. There are no group identifiers or 
books required for this system, and it can be created 
and sent with one sheet of paper. 

The requirements for a cell to create its own format of 
grid code are as follows: 

1. A preset matrix or grid of a specific number of lines 
and spaces. 

2. A key-designator location assignment for each 
operative and a prearranged number of characters per 
line or group for each key. 

The following example is designed to walk the reader 
through this simple procedure. 
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1234 5 67 8 9 101112 13415 


EEE 


FE 


H 


HHH 


Step 2: Each operative has his 
own key-designator location, 
such as the first character in the 
lines 1, 2, and 3 above. This tells 
the receiver where the actual key 
designator is located in the text. 
KNO indicates that the key desig- 
nator is on line 11, spaces 14 and 
15 (K, N, and O being the 
eleventh, fourteenth, and fif- 
teenth letters of the alphabet). aT 


1234567 89 10112134 


IN 


4 


HH 


H 


Step 4: Actual key is placed. In 
this example, FE (or line 6, space 
5) designates key 3FJLO247HJ, 
which translates to spaces 3, 6, 
10, 12, and 15 on odd lines, and 
spaces 2, 4, 7, 8, and 10 oneven 
lines. 
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Grid code worksheet. 


Step 1: Create a standardized grid. 
A 15-character x 12-line grid is a 
workable size. 


1234 567 8 9 101112 1391415 


oH 


im 


r 


WH 


Zz 


Step 3: The key designator tells the 
receiver where the actual key is 
located in the text. FE indicates that 
the key begins on line 6, space 5. A 
prearranged set of characters (10) 
designating a prearranged set of 
characters per odd and even line (5) 
is entered at this location. 


1234 5 67 8 9 101112 1391415 


23 4 6 67 8 B 101112 13 14 15 


] + Grid code worksheet. 


1 
HAL 
NI 
} 
LI al Step 5: Mark each grid location with 


a dot. Note that key designators and 
key locations are passed over. 


123 4 5 6 7 8 9 101112 19 14 15 


1 Sige jeer fo} 

2 e] | fete) fu |_| 
Step 6: Insert text. In this exam- *|0| |mM|_| |v] | | {si fr [Ay 
ple, plain text message reads, * A 4 
VICTOR CELL MUST ACTIVATE * ZN] [|v 
IN VIENNA ON 15 MAY AT & Z2/4/7/H |v 
SAFEHOUSE ALPHA XX. (Note: 7 lal |o! N 
Normally the operative would ® 
insert encoded text.) 9 si] fa’ F| 

10 < 

n CLIPLIele 

12 | 4 


Be] 


ia Step 7: After inserting text, begin to 
insert random numbers in empty 
INT spaces. 
ai 
123456 
Step 8: Follow through by insert- _' [K|A|V[[o[1| O| 
ing letters randomly until the 2 |N|R[@[cl4[3 fz 
entire grid is filled. (Hint: Simply 3 |{o\2|mlq|Mu' AI 
write out the alphabet while mov- 4 l@icle[TINIH Er] 
ing around the grid at random 5 |p[plr|[5lwiel4 lv] 
spaces until it is filled.) 6 lulz [Nels D 
7 [5 lalNi x2 NI 
Step 9: Rewrite the grid without ® |X| 1]4|5 |e iC 
the grid box and dots. 9 ALTE! F 
1 fTlelalals z 
1 Ic lOlEl4 E 
12 (lea fale. e 


Grid code worksheet. 


6789 10 111219 1415 


key te location 


3 * 
(or weyaet" 
KNO= 11 14 15 
5 
5 
ty 


FE= 6 
+ 
Mi 
eg 
key designator 


ASN 


OL EerPAZOLNiA 
PRAWN Eu Mey 

PONE MEMZOKAS 
FPOKUZROAIEKOE 
FOD=TODZROp 


OANE=NEHNHA> 
a Ded me 5 om > 6B BE CC 
AIAN SO Aaa De 
09 Da OE 
ome 79 ES Ed Bd Rae SE Bad = De ee 


Ot zZzZEONCLM=N 
CORFMEXHNZTE 
SPNZCF-zzrecoug 
CEN08=—0-OnOR 
@2ZO0GPNxXCFOZ 


raoehonoaoorg 


678 9 10 111213 1415 


1294 8 


we 

Veo 5 

en Be 

g F=) 

gow a3 

"n > 
Cheah DAZOLN 
abeds bol clenlct 142-1 
DONE EMzeFoo 
KoruzResexa2 
eOD=tTonEZnoD 
O8VE=—Ne HNN 
hs Dad me 5s mn EB BE CO 
2a POG. Ee 
OMM = Fe. Foo wx 
me °F BS Bad a Bad Bw De 
ovEzzE CT TT] 
CONRNMXNNZTE 
SMEOF-zzrcoue 
<aN08—O-oNon 
MEOURPINKOROZ 


z 
gE 
2 

53 
23 
aa 
o> 


x 
z 
2 
ri 
: 
3 


decoded text = VICTOR 
Always bum message and 
worksheet when completed! 


| 


6789 10 111213 141 


12345 


CL. @ERPAZOLNWA 
BRPNHN=ENMae 
DUNOEREXZOFAG 
ROFMHZReCIEcKaAs 
FAbD=$—=FfAOOHErep 


COANE ASHNNAD 
AMP ROAM RON 
AaANSOIRGEND Se 
COMM = FO BOO we 
mm 7D ES ES id Bae SI Bad = DE 


STEZZMNCLMN=N 
CORRMHEXNRETE 
SRECKZZCCONG 
<e008—0-oHOn 
MEZOUEDNXOFOZ 


r-aownonaog 
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Once the operative is trained in the format or size of 
the grid and is advised where his or her assigned key-des- 
ignator location is in the text, the agent is ready to send 
and receive text messages without any written procedure 
or encryption paraphernalia. The random nature of the 
text—which, in the example, represents 66 percent of the 
encrypted message—and the intentional formatting of the 
text into five-character pseudogroups provide an ex- 
tremely secure encryption. 

As long as the operative keeps his specific key-desig- 
nator location secret, his personal traffic cannot be 
decoded by others, even if they are familiar with the grid 
code concept. Plain or encrypted text can be used with 
grid code with a fairly high degree of COMSEC. Once the 
communications officer understands the basic concept of 
grid code, there is no way for the system to be reliably or 
regularly attacked by a computer or cryptoanalysis unit. 

The critical security element in planning a grid code 
system for a decentralized underground operation is the 
creative placement of each agent’s key-designator loca- 
tion. Avoid beginning or side or end of matrix key desig- 
nators (it is done so in the example only for clarity). Place 
them in the text at different locations on vertical, hori- 
zontal, or diagonal planes on the grid matrix. 

The most significant application for grid code is the 
potential concealment of other codes. Plain-text grid 
code is fairly secure; however when TAC-OPS code, one- 
time pad code, or book code is concealed inside of a grid 
code, the mathematical possibility of anyone successful- 
ly attacking the code is literally impossible to calculate. 

Depending on the nature of your enterprise, effective 
encryption of text messages will be determined by the 
ability of your opposition to attack the code. The more 
sophisticated the opposition, the more sophisticated the 
code. It can be said that encryption and COMSEC proce- 
dures are designed more for the opposition than they are 
for the operation. 
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As a communications officer, you must create the most 
secure code possible while considering both the opposi- 
tion and the level of skill among members of the cell. 
Training is the key. A constant assessment of the level of 
training, the skill of the operatives, and the quality of the 
code is a basic requirement for any COMMO plan. 

Codes should always be simple to employ. They can 
be “complex in their simplicity,” but they should always 
be user friendly in execution. Most of the procedures 
should be committed to the operative’s memory. A vari- 
ety of code plans provides you with “backups of your 
backups” for when things go wrong. Of course in covert 
ops, things do tend to go wrong. 


TAC-OPS Code 


The U.S. military employs a versatile code for routine 
message traffic, known as TAC-OPS (Tactical Operations) 
code. It consists of a three-character group, or trigram, 
that designates a specific word. A pocket-size dictionary 
of all available words for use in this format is issued to 
each unit. Each sixteen-page code book is normally used 
for one day only and then destroyed. NATO’s maximum 
of forty-eight hours of use makes it one of the most secure 
and reliable military codes. It is simple to use and is an 
excellent example of a combination of a one-time cryp- 
tosystem and a form of book code. 

TAC-OPS code (NSA designation KTC 600) has been 
carefully thought out for field use. There are over 1,300 tri- 
grams for common military terms, as well as all letters and 
numbers. There are also a large number of spare locations 
that can be unit specific (there are 117 spare trigrams in the 
TAC-OPS code pictured here). Also note that commonly 
used letters and words have a number of available trigrams. 
The letter T, for instance, has six possible trigrams available 
to the user, and the user is advised on page 1 of the code 
book to use the duplicates, or variants, on a random basis. 
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TAC-OPS code. 
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TAC-OPS code is an extremely efficient method of 
written or voice communications. Developed for radio 
operations on the tactical (squad, platoon, company, and 
battalion) level, this code condenses the bulk of the mes- 
sage since every word is only three letters in length. Of 
course, if your operation employs words other than those 
listed, you must use the spare slots for more commonly 
used words and spell out any others. 

For speed and security, a variation of this code can be 
developed by the operative to provide COMSEC for each 
cell. TAC-OPS code can be formatted into a one-time pad 
layout or grid code configuration quite easily. The one- 
time pad computer program can be utilized to assign a 
sequential group of five characters to a pre-established 
dictionary of standard words for message exchanges. 

TAC-OPS codes are definitely amenable to certain 
cells more than others. An ADMIN/LOG cell has to han- 
dle a great deal of standardized equipment, materials, 
and so forth as part of its mission. Assigning certain items 
a standard brevity code is simple and straightforward. 
TAC-OPS code is not as useful for an INTEL/OPS cell due 
to the detailed nature of that cell’s communications. Of 
course, targets, safehouses, locations, and operations can 
and should have their own brevity code words for basic 
security. All participants in the enterprise should like- 
wise have their own brevity code identifiers. 

After reviewing the TAC-OPS code on pages 89-92, the 
operative may wish to compose a message using the code 
and learn how versatile it can be. Further in this book is a 
section on monitoring military communications, and the 
operative will hear this type of code employed extensively 
in training operations as well as during actual missions. It 
is extremely useful to monitor this traffic and record it for 
training operatives in your organization. 

Integrating TAC-OPS code into the COMMO plan has 
a number of advantages. Like all brevity codes and 
acronyms that are specific to an operation, they signifi- 
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cantly complicate matters for codebreakers. These codes 
can be employed wisely to create an expert code system 
that any cell could use with minimal risk. 


MESSAGE PLANNING AND 
THE LIMITATIONS OF THE LANGUAGE 


Regardless of the method selected for transferring a 
message and/or for creating a one-time cryptosystem, 
the operative must consider the text of the message care- 
fully. He must take into account the nature of the lan- 
guage being used, as well as the ABCs of text traffic: 
ACCESS security, BREVITY of message, and CLARITY 
of message. Combining these simple concepts into a 
code system will provide an operation with a high 
degree of COMSEC. 

It is important to understand the nature of the written 
language you are attempting to disguise as a code. In nor- 
mal usage, the characters of the English language have a 
highly predictable sequence. Creative efforts focused on 
the elimination of predictable patterns are suggested. 

There are a number of extremely common words in 
written English. According to the American Heritage 
Word Frequency Book, the twelve most commonly used 
words in written English are: 
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Although it would be impossible to attempt to com- 
municate effectively without these twelve words, the 
operator should make note of them. If he can reduce the 
usage of these words by only 25 percent through the use 
of abbreviated text messages, the ability of the opposition 
to attack the code by computer will be degraded substan- 
tially. Habitual elimination of these common words, 
except when clarity is essential, will also greatly reduce 
the bulk text required for encryption. The same holds 
true for the eight most common letters in the English lan- 
guage: E, T, A, O,N,I,R, and S. 

In an average message, over half of the words will 
begin with T, A, O, S, or W, and at least one quarter gener- 
ally end with the letter E. Certain letters occur in sequence 
more frequently than others do. For instance, TH, AN, and 
HE appear most often together in English. ER, ES, and ED 
also occur together quite predictably. Doubles are another 
concern; the letters L, E, and S are often found together (as 
in the S in UNLESS). There are also common three-letter 
word groupings (called trigrams in the trade) that are 
found in most sentences. The four most common are THE, 
ING, CON, and ENT. If the substitution for any of these let- 
ters is learned by recognition of the commonality of their 
sequence, the code is that much closer to being broken. 

Thus, it is important to recognize the limits of the lan- 
guage and incorporate a few “corrections” in your mes- 
sage before you actually encrypt the text with the one- 
time pad. Plan your plain-text message using the above 
guidelines and a few careful misspellings to create a more 
secure text message. Always start out with the complete 
message in longhand and then start trimming it down. 
For instance, consider the following message to be sent to 
an action cell commander: 

BADGER. SAFE HOUSE FALCON IS OPERATIONAL. 
MAP AND DETAILS FOR THIS NEW LOCATION WILL BE 
FOUND AT DROP REDSTONE ON THURSDAY. CONFIRM 
THE RECEIPT OF THIS PACKAGE WITH A FALSE COL- 
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LECT CALL TO MESSAGE CENTER FOX IN THE NAME 
OF MARK GUNTHER THURSDAY NIGHT, BETWEEN 2115 
AND 2215 ROMEO. DROP REDSTONE WILL BE SANI- 
TIZED FRIDAY AM. IF YOU HAVE TRAFFIC FOR ME, 
LEAVE DROP CODE DESIGNATOR AND TIME ON INSIDE 
OF AN EMPTY PACK OF MATCHES WITHIN TEN FEET 
OF DROP REDSTONE PRIOR TO FRIDAY AM. 

First, the bulk of the text can be greatly reduced by 
eliminating almost half of the message without sacrific- 
ing clarity. Most obvious should be the use of the code 
name. If BADGER is to be the receiver of this message, it 
will be sent only to him for decoding; thus his name does 
not need to be on the document at all. In the second sen- 
tence, the nature of the contents of the drop known as 
REDSTONE is disclosed, and this is not only unnecessary 
but a breach of basic security as well. 

For clarity, brevity, and security, the message should 
read more like this: 

REDSTONE THURSDAY. CONFIRM THROUGH FOX 
COLLECT FROM MARK GUNTHER SAME DAY 2115- 
2215R. IF YOU HAVE TRAFFIC, ID DROP AND TIME AT 
REDSTONE ON INSIDE EMPTY MATCHBOOK WITHIN 
TEN FEET WHEN SERVICING. 

Note that the sender now avoids telling BADGER 
when or even if the drop will be sanitized. Although he 
may intend on servicing this drop location and then mak- 
ing it inoperative somehow, BADGER does not need to 
know this, nor should he ever need to know when any 
drop is to be serviced. Remember the ABCs of sending 
covert text. Is ACCESS to this information critical? If not, 
delete from the message. Is the message written with 
BREVITY? Keep it short. Finally, is the message CLEAR? 
Remember: ACCESS, BREVITY, and CLARITY. ABC. In 
the above example, the message is kept the same, unnec- 
essary access is eliminated, and the volume of the text is 
cut well over half. 

Finally, the limitations of the language can be 


96 © SPYCOMM 


addressed. Understanding what words and character 
sequences to avoid, the message would then progress to 
something like this: 

REDSTON TH. CONFRM 2 FOX COLEKT MARK 
GUNTHER TH 2115-2215R. IF U HV TRAFIK ID DRP ON 
MT MATCHBUK WITHIN 10 FT REDSTON TH. 

The key factor here is uniformity of format. The read- 
er of this message should be familiar with the use of cer- 
tain brevity codes just as intimately as he should know 
where the drop known as REDSTONE is. Brevity codes 
make the encryption of text faster since the message bulk 
is reduced, and a high level of security is placed on the 
inherently risky use of the written word. 

Brevity codes are useful in the initial stage of plain- 
text conversion because the opposition will attempt to 
attack the code without specific knowledge of the use of 
these simple additives. In the above example, the word 
EMPTY has been replaced with MT. There are a number 
of other options available: 


ARE R 
TO, TOO 2 
YOU U 
SEE, SEA Cc 
FOR 4 
BUSY BZ 
BEFORE B4 
FORM 4M 
EASY EZ 
TOBE 2B 


These codes are fairly straightforward. There are 
dozens of others in one-, two-, and three-letter combina- 
tions, all of which will quickly degrade an opponent’s 
ability to attack the code. They will be looking for dou- 
bles and trigrams in the text, and if they are avoided, the 
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either radio or telephone communications systems. Each 
approach has limitations. 


TELEPHONE COMMUNICATIONS 


Telephone systems are in place and operational 
worldwide. If the operative has a small, portable uplink 
system, the international communications satellite sys- 
tem (COMSAT) allows access to commercial telephone 
circuits from anywhere on the planet. Long-range high- 
frequency (HF) radio telephone units allow ships and air- 
craft to make use of these telephone circuits as well. 

For the typical underground operation, access to a 
telephone does not require such sophisticated hard- 
ware—a reliable voice communications system with 
worldwide access is as close as the nearest pay telephone. 
Because of the simplicity of operation, universal reliabil- 
ity, and general ease of long-range operation, the tele- 
phone is used by many underground groups as the pri- 
mary means of communications. 

This chapter will focus on expedient methods to gain 
access to the commercial telephone system anonymous- 
ly. There are a number of reasons why simple installation 
of service is not practical for many operatives. The need 
for mobility, quick access, and a degree of security isa 
consideration when deciding to employ the capabilities 
of telephone communications as an integral part of the 
communications plan. 

The significant advantages of telephone communi- 
cations are that telephones generally are more secure 
than radio and are extremely reliable, and exploitation 
of commercial circuitry already on-line requires mini- 
mal equipment or time. The telephone system in your 
target area can be exploited and continuously used to 
maintain contacts worldwide. It can also be employed 
to send data, image, and bulk text quite easily. In fact, 
even funds can be sent using the telephone system. The 


only problem with using telephone communications as 
a covert tool is security. 


Telephone Communications Security 

Before discussing specific methods and techniques of 
exchanging information via the telephone, it is important 
for the operative to have something completely clarified. 
Telephone conversations are not secure. This should 
seem obvious to any experienced operative; however, the 
commercial security market has become deluged with 
technologies, devices, and contraptions that purport to 
provide a secure means of using the telephone to commu- 
nicate sensitive information. 

Most nations and many individual jurisdictions 
employ a variety of methods to intercept, record, and ana- 
lyze telephone traffic. The U.S. National Security Agency 
(NSA), for example, is tasked by congressional order to 
intercept, monitor, record, analyze, and file al] overseas 
telephone conversations that originate or terminate with- 
in the United States. Telephone conversations are inter- 
cepted and computer analyzed for voice characteristics, 
previously filed or flagged voiceprints, and so forth. 

The NSA’s modern supercomputers can handle thou- 
sands of conversations simultaneously around the clock. 
The monitoring system can electronically identify the 
voice characteristics and even the identities of both par- 
ties and log both the number called and, if originating in 
the United States, the number used to initiate the call. To 
a certain degree, it can electronically analyze the content 
of the conversation without any human involvement 
whatsoever, which permits the agency to literally sweep 
through any phone system and gather all critical informa- 
tion cheaply and efficiently. The computer will notify the 
NSA operators if the voiceprint, the particular numbers 
called or used to originate the call, or the content of the 
conversation may be of some use to the intelligence 
requirements of various agencies in the U.S. government. 
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Incidentally, the transmission of data, fax, or scrambled 
voice communications automatically receives priority. 
The computer analyzes it immediately, notifies the oper- 
ator, and even descrambles any type of encrypted traffic. 
Many intelligence and law enforcement agencies 
intercept domestic telephone conversations on a large 
scale using microwave intercept equipment. Every major 
city and town uses either microwave or fiber optic equip- 
ment to route telephone traffic. To intercept these con- 
versations is somewhat sophisticated, but it is not beyond 
the scope of any operative to conduct such an operation. 
The point of this brief section is to emphasize that no 
telephone line is secure. If someone tells you they are on 
a “clean” or “secure” line, they are either lying or they 
are extremely naive. No electronic gadget or device made, 
no “sweep” conducted, regardless of how professionally 
done, can provide a 100-percent guarantee of telephone 
security. Consequently, rule number one of telephone 
COMSEC is that all operatives must assume the conver- 
sation is being recorded by the opposition and adjust the 
conversation’s content in a manner that eliminates the 
possibility of the operation being compromised. 
Sophisticated and expensive gadgetry for telephone 
security such as scramblers, voice alteration devices, 
pocket-size “tap detectors,” and tone-burst data commu- 
nications systems are not only simple to defeat and some- 
what amateurish to employ, but they actually call atten- 
tion to your conversation instead of providing even a 
small degree of security. Many books and publications 
exhort the technical and security capabilities of these 
devices, but the technology is now extremely dated and 
in fact counterproductive to efficient COMSEC. This 
book advises against the use of these devices for a couple 
of simple technical reasons. 
Any electronic device that is intended to encrypt, 
encode, or electronically alter telephone communications 
must do so within the electronic frequency-response 
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parameters that are available through the normal tele- 
phone system circuit. Basically, this means that the alter- 
ation or encryption must use a very narrow section of the 
audio spectrum in order to function. What this means to 
your opposition is that any such traffic can be intercepted 
and recorded anywhere along the path that the signal trav- 
els and then computer analyzed. So the very existence of 
this type of electronic alteration is not only instantly 
detectable, but also capable of being decoded. 

There is no commercially available technology that is 
beyond the decoding capability of the government agen- 
cies tasked in the interception and analysis of such traf- 
fic. Since the inception of computer-assisted microwave 
and satellite uplink intercept technology, all telephone 
traffic that contains scrambled, encrypted, or altered con- 
tent is immediately “flagged” and usually decoded on 
site. It is always recorded. The point is that such conver- 
sations are now an excellent way for you to call a great 
deal of high-level attention to yourself. 


Pay Phone to Pay Phone 

If your target area is a major urban setting, there are lit- 
erally thousands of pay telephones that can be used to com- 
municate reliably. The most significant advantage of using 
a pay phone is that the volume of unrelated phone traffic 
makes a tap on one subject or group of subjects expensive 
and time intensive. The previous section should give the 
operative a basic understanding of the risks involved with 
using the pay phone or any telephone in exchanging com- 
promising or incriminating information. 

A series of pay telephones within convenient proximi- 
ty to your residence or safehouse can be utilized to conduct 
communications with a degree of safety. This approach 
requires you and each operative in your net to create and 
maintain a personal pay phone directory with location, 
phone number, and call sign for each phone. If you explore 
your area, you will have no trouble finding at least a dozen 
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phone booths within close walking distance in any urban 
setting. The selection criteria for a phone booth should take 
into consideration such factors as proximity, twenty-four- 
hour access, shelter, lighting, and privacy. 

The booth’s phone number should be on the phone’s 
dial pad. If it is not, try dialing #200 to learn the number. 
If the number is not available and #200 doesn’t work, 
then the following measure must be taken. 


Safehouse FALCON * 201 D Street Anytown, USA ¢ (501) 555-1212 
Pay Phone Directory 


Phone Number Call Sign Location 
A 555-4321 Amy Able C & Wall 
B 555-3214 Bob Bane D & Wall 
Cc 555-2143 Carl Cam C & 2nd 
D 555-1432 Don Deal 1st &D 
E 555-4433 Ed Eagle and &E 
F 555-2211 Fran Finn Wall & C 
G 555-1234 Gwen Gold Wall & E 
H 555-2341 Hal Henry Wall & B 
I 555-3412 Ida Ingle E & Main 
J 555-4123 John Jenks B& 1st 
K 555-3322 Ken Keest Main &B 
L 555-1133 Lily Lakes Main &D 

Signals Call Sign 
Urgent Jerry Lent 
Abort Andy Burton 
Compromised Carl Mise 
Shut Down Bob Claus 
Leave Now Leo Howell 
Operating Instructions 


Answer on second ring only! 

Authenticate. 

Ask operator to repeat collect call names (To and from whom?). 
Advise operator politely that it is a wrong number. 

Log both names and time call came in. 

Never accept any charges. 

Never make calls on this phone. 


Notes: Police Dept. at Taylor and A. 
Interstate on-ramp 5 blocks south on E (primary escape). 
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Have a friend stand by at a residential phone and call 
him collect from the pay phone. When the operator 
makes contact, have your friend say that the person you 
are trying to call just stepped out, but if the operator can 
leave a number, he will call you right back. The operator 
will tell your friend the number of the phone booth. 
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Simply calling the operator and asking which number 
you are calling from sometimes works, too, although for 
internal security reasons many operators are not permit- 
ted to give this information out. 

Let’s examine how a pay phone directory could be 
used at a safehouse. In most underground operations 
there is a need for constant mobility for at least a por- 
tion of the operatives. This requires a covert network 
of supporters or sympathizers who will provide tem- 
porary residence for personnel active in an operation 
or who are in fact “wanted” by the authorities for one 
reason or another. The owners of the safehouse need to 
be protected from details of the operation, and no com- 
munications, activities such as meetings, or weapons 
or equipment storage can be conducted from the safe- 
house. The cell commander must have a means of con- 
tact with the occupants of the safehouse, but this can 
be accomplished by using the safehouse phone as a 
“message indicator” only and a number of pay phones 
close-by for actual message transfer. 

When an operative arrives at the safehouse, he needs 
to be briefed on the area and the rules for living there. The 
operative is provided a detailed local map as well as a 
hand-drawn map of the immediate area, as in the illustra- 
tion. All essential details are provided on the map, 
including the pay phone directory, a primary escape 
route, and the location of the nearest police station. 

At safehouse FALCON, the directory, map, warnings, 
and communications signals and protocol are outlined 
on one sheet as part of the operative’s initial briefing. 
This sheet could also be issued as part of his assignment 
to go to this city and set up at safehouse FALCON. 
Command should have a copy of this document as a 
means of establishing contact with the safehouse. 

The pay phone directory includes the physical loca- 
tion of the pay phone, its phone number, and a call sign. 
The pay phone call sign should be a name that can be 
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clearly understood over the phone. In the illustration, 
pay phone A is designated “Amy Able” and is located at 
the corner of C and Wall streets. This phone is around the 
corner from the safehouse. 

A collect call from “Jerry Lent” to “Amy Able” means 
that at a prearranged time the operative should be at pay 
phone A for an urgent message. If any call comes in col- 
lect from “Leo Howell,” all personnel are advised to leave 
the safehouse, split up into small groups, and go to alter- 
nate locations or whatever has been prearranged. (This 
“leave now” signal can be sent from a pay phone in a jail 
cell or from anywhere in the world without the sender 
having to actually pay for the call.) 

Safehouse FALCON uses the pay phone directory to 
maintain contact with other cells and individuals in- 
volved in the underground op. The telephone in the resi- 
dence is used only to receive the message indicator—it is 
never used to originate or conduct message transfers. 
When it is necessary to contact an individual at safehouse 
FALCON, command knows the communications proto- 
col to call the desired operative at a predesignated pay 
phone on the sheet. 

The actual owners of the safehouse may or may not 
reside there. As long as the occupants understand the 
protocol, there is no need for nonessential personnel to 
be there. The safehouse phone must be manned twenty- 
four hours a day so command can access all personnel 
who are either there or close-by. Note also that the operat- 
ing instructions state that the phone must be answered 
only on the second ring. This is a low-level authentica- 
tion method that helps the caller verify that he has 
reached an occupied safehouse. If the phone is answered 
on one ring or three or more rings, it is a distress warning 
signal to alert the caller. 

The pay phone directory concept can also be em- 
ployed by a small operation of only a few individuals. All 
of the same rules apply. The safehouse may be the resi- 
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dence of one operative who acts as a cut-out between the 
operatives in that city and the rest of the cell. The safe- 
house is nothing more than a center to transfer and 
exchange communications on behalf of a group of indi- 
viduals. The point is to have a phone accessible to initi- 
ate contact and to inform the caller of priority messages, 
emergency warnings, and the number of a “clean” pay 
phone to make the contact on. The approach can be con- 
ducted so that the initial collect call appears to be a 
“wrong number.” 

As with the safehouse, the phone at your residence 
should never be used to conduct message exchange. As 
you become more active in an underground operation, 
you will find yourself extremely mobile. You may have to 
reside in a series of temporary safehouses in order to 
avoid detection, enhance operational security, or avoid 
an active effort aimed at your capture. 


Pay Phone Limitations 

The long-distance network of AT&T has control over 
most of the pay phones in the United States. There typi- 
cally is a flat rate to call any long-distance number in the 
country from a pay telephone. (In the spring of 1991, it 
was $2.05 for business or peak hours and $1.95 for off- 
peak hours for the first minute of calling.) This rate seems 
to apply if you are calling inside the state to another area 
code or clear across the country. 

Certain underground groups train their operatives to 
carry a roll of quarters ($10.00) and to call only from pay 
phones to some prearranged message center to exchange 
information. But there is a problem with this strategy that 
seems to have been overlooked. Simply because a pay 
phone user deposits coins into the phone to place a long- 
distance telephone call does not mean that a toll billing 
record is not generated. In fact an internal billing record 
is generated. This is very important to consider. 

For example, you are involved in an action in a spe- 
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cific city. You leave your hotel or safehouse, walk to a 
nearby pay phone, and call your base or main message 
center. You deposit the coins, make a forty-five-second 
contact, hang up the phone, and never use that pay phone 
again. Good COMSEC? Not really. If you or your group are 
suspected of being involved in some activity in a target 
city, and if the location where you stayed can be approxi- 
mated, the authorities can quickly check the toll billing 
on all pay phones in the general vicinity of the area by 
computer and determine if calls were made to your mes- 
sage center during the times in question. Finally, after 
reading the section on telephone communications securi- 
ty (pages 101-103), it should be obvious that conversa- 
tions using pay telephones are fairly simple to intercept. 

Paying for the call by coin is only secure when you 
are calling another pay phone that no one in the cell will 
ever use again. On the other hand, if you use a telephone 
credit card to make the call and the long-distance carri- 
er’s 800 number to initiate access, no record is kept on the 
pay phone toll accounting system. In fact, all that can be 
determined is that the call originated in the specific city. 
As you will see in Part II of this book, the actual 
“account” used to make the call is in no way associated 
with you or your cell. 


RADIO COMMUNICATIONS 


Radio communications are the fastest way to get a 
message to a specific group or individual. Radio is useful 
when conducting any type of raid or ambush. A radio 
link with an early warning system is indispensable when 
conducting a covert penetration of an area or building. 
No operational cell should attempt to conduct a high- 
speed entry or urban raid without a radio link. Though 
there are a number of underground activities where radio 
is critical, there are also a number of threats in the use of 
radio as an integral part of the communications plan. 
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Radio is the least secure means of communications. 
Radio signals can be intercepted, jammed, and even 
deceptively altered by a technically proficient opposi- 
tion. Do not overlook this threat. Underground opera- 
tions or guerrilla warfare will almost always be conduct- 
ed against a physically and technically superior force. 
Your radio traffic will not only be identified, but your 
physical location will be pinpointed in the process. 
Irresponsible use of radio communications can function 
as a literal homing beacon on your operation. 

A fairly good rule of thumb in formulating a COMMO 
plan is that if there is any means of communications other 
than radio for a specific application, use it. With that said, 
there are a number of fairly safe applications for radio 
communications, and these will be discussed in detail. 


One-Way Radio Link 

Underground ops frequently require clandestine 
access to an individual or group that is not at a specific 
geographic location. The cell is tasked with maintaining 
itself undercover in a given area, training and practicing 
its specialized skills in a manner that draws no attention 
to itself. To covertly control this type of cell, the one-way 
radio link (OWRL) is an excellent option. 

The agents of the cell are provided with radio 
receivers capable of picking up a specific frequency. At a 
preset time, the command net sends out an encrypted 
voice transmission over this predetermined frequency 
from an area outside the target region. The agents within 
range of the transmission can receive instructions and 
messages from command fairly anonymously this way. 

For example, an age-old technique (employed by both 
sides during the Cold War and still used today) is clan- 
destine numbers station broadcasting on the high-fre- 
quency shortwave band. These stations can be received 
anywhere in the world. The broadcasts are simply a 
series of number groups, generally five digits long, which 
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are broadcast at a specific time and directed toward an 
agent or cell in a target country. The nature of high-fre- 
quency propagation makes the origin and intended desti- 
nation of these transmissions open to speculation. 

The broadcasts can be heard on a number of shortwave 
radio frequencies throughout the day in North America 
and Europe. The numbers are read off by a male or female 
or by computer voice recordings in a number of different 
languages. Intelligence agencies and even hobbyists listen 
to these broadcasts and record them for reference and 
study. Some voices become familiar, as do certain frequen- 
cies and formats of numbers. Although volumes have been 
written regarding the origins and intentions of numbers 
stations, the fact is that unless the listener can understand 
the content and meaning of the code, the ability to inter- 
cept the transmissions does little good. 

An underground organization can employ the num- 
bers station technique and one-time pad encryption to 
communicate on an international level with a large or 
small cell. All that is required is a radio transmitter of the 
desired range and the capability for the cell to receive the 
transmitted frequency. A one-time pad or TAC-OPS code 
is an excellent means of using the one-way radio link as a 
fairly secure part of aCOMMO plan. 

Any device that can transmit radio signals can be uti- 
lized for this approach, including amateur radio equip- 
ment and low-cost FM radios. With a little preplanning, 
an ordinary citizens band radio can be employed. For 
example, command arranges to transfer encrypted num- 
ber groups to all cell members late at night. Each agent 
connects a low-cost timer to a CB walkie-talkie with an 
AC adapter to turn on both the receiver and a tape 
recorder at the designated time on the designated CB 
channel. In this configuration, the agent does not have 
to wake up to receive the message or even be at the loca- 
tion where the radio and timer are set up when the mes- 
sage comes in. 
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A simple, low-cost “electronic dead drop” can 
be configured with a hand-held radio, timer, 
and voice-activated tape recorder. The receiver 
of the message simply programs the timer to 
tun on the CB radio and recorder at a specific time. Using a variable- 
speed recorder such as the one illustrated allows the sender to trans- 
mit messages at two to three times the “normal” speed of a voice mes- 
sage. (Illustration courtesy of Mark Camden) 


This approach allows command to contact a number of 
cell members in a given area and distribute messages and 
instructions fairly quickly and securely. Using a grid code 
for text message transfer allows a number of cell members 
to receive the message, but only those individuals specific 
to the message will be able to decode the text. Additionally, 
the cell commander can send the coded transmission from 
a mobile unit or set up the transmission to occur witha 
timer, similar to the receiver arrangement. 

The advantage of using a OWRL is that the transmis- 
sions can be sent quickly; the target simply receives the 
transmission and is not at risk of being compromised by 
transmitting himself. Another advantage is that the oppo- 
sition can have a great deal of difficulty locating the 
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source, content, and target of such communications. The 
imagination of the communications officer and the avail- 
able hardware are all that’s required for a successful link. 

The risks of employing this approach are also numer- 
ous. Possession of the transmitting equipment in a denied 
area may be illegal. Furthermore, the agents or cells must 
be versed in decoding the traffic, oftentimes needing cer- 
tain hardware and one-time pads to receive and decode 
transmissions. 

The most significant applications of the OWRL are in 
the use of powerful transmitters outside of the enemy’s 
region and reach that broadcast encoded messages to 
small receivers inside the target area. There are a few 
options for the underground group to employ, and though 
they are illegal and certainly unethical, they can help 
reduce the risk and peripheral costs involved with 
employment of the OWRL. 


Bootleg Voice Paging System 

The transmitter is the most expensive part of a 
COMM6O plan that utilizes a one-way radio link. Guer- 
rillas often steal the necessary hardware for this applica- 
tion, but modern technology offers a fairly clever alterna- 
tive. You can simply “borrow” a transmitter in the target 
city and access it from anywhere in the world. 

You do not want to get caught performing the follow- 
ing technique. It involves a serious though seemingly 
harmless theft of acommercial radio paging service. The 
concept is fairly simple and the results are quick, but the 
owners of the paging system certainly will frown on this 
approach. Read this section completely to understand the 
risks involved. 

There are millions of radio pagers in use throughout 
the world, and every city in the United States has pager 
transmission systems in place. Radio pagers are used by 
doctors, police officers, attorneys, technicians, and other 
professionals. Drug dealers and other criminals also have 
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found these small radio receivers useful in the conduct of 
their business. 

By programming a radio scanner with the common 
radio pager frequencies (pages 118-120), the operative can 
intercept these transmissions and gain enough informa- 
tion to use the pager and a scanner together as a commu- 
nications tool. (Every cell should have at least one 
radio scanner. These receivers are good for monitor- 
ing local security forces, intercepting telephone 
traffic, and other uses.) If the operative 
bootlegs pager access for brief message 
transfers during off-peak hours, the 
approach has merit and minimal risk. 
This strategy can allow the under- 
ground cell to exchange mes- 
sages, send commands and 
warnings, arrange meetings, 
and initiate or abort mis- 
sions in seconds. 

Radio pager systems 
can send both voice 
and data transmis- 
sions. Data trans- 
missions gener- 
ally are a series 
of tones that send 
a digital message 
to the specific pa- 
ger. The pager provides 
the subscriber with a digi- 
tal readout of the number he is supposed to call. 

The other less common type of pager is the voice 
pager, and this is the one of interest. When the voice pager 
number is called, the caller can leave a verbal message for 
the subscriber. This voice message, typically from twenty 
to sixty seconds in duration, is then transmitted over the 
airwaves along with the access number to actuate the spe- 


The ICOM R1 is 
the smallest and 
one of the fastest 
radio scanners 
available. This 
tiny hand-held 
unit can be used 
to monitor police 
traffic or set up ina 
bootleg pager applica- 
tion. (Illustration courtesy 
of Mark Camden) 
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cific pager intended to receive the message. Using a scan- 
ner programmed with the pager frequencies, the operative 
can intercept and make note of these voice messages to 
gain access to the pager transmitter. 

Monitoring the radio scanner for less than an hour 
generally will result in the interception of a number of 
voice messages, such as “Tom call Jerry at 555-1234.” As 
soon as you intercept this message, make note of what 
pager frequency you heard the transmission on and 
immediately call the number on the message. When the 


person answers, tell 
them that you work for 
some well-known local 
company and your pager 
has been going off all day 
with their messages. 
Politely ask the person 
what number they are 
dialing to page the per- 
son they are calling so 
that you can report this to 


The ACE Communications 
AR-1000 scanner is the ideal 
underground communications 
intercept unit. With a 1,000- 
channel memory and 10 
search banks with interchan- 
nel lockout, it has the highest 
channel memory capacity of 
any hand-held scanner sold in 
the United States. The_fre- 
juency coverage of 8-1,. 

z allows the unit to receive 
standard shortwave broad- 
casts all the way up to 
microwave pages, airphone 
traffic, and virtually all voice 
radio communications in the 
spectrum. (Illustration cour- 
tesy of Mark Camden) 
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the pager company. The person who initiated the page 
will almost always give you the pager phone number, at 
which time you have gained access to the specific radio 
transmitter frequency keyed into your scanner. By calling 
the pager number, you can transmit your voice message 
all over town to anyone who has a scanner tuned to this 
frequency. By monitoring a while longer, you can use the 
same approach to collect a number of telephone pager 


TNC to BNC adapter Center-loaded 
(allows use of cellular telescopic whip 
Phone antennas on a antenna 


scanner) 


Cellular phone 
antenna 


ACE AR-1000 standard all-band 
antenna (comes with scanner) 


A variety of antennas available for the AR-1000 scanner for use in 
intercepting telephone traffic. (Illustration courtesy of Mark Camden) 


access numbers, giving you a choice of reliable, fairly 
long-range one-way radio links. 

In many cases, pager transmitters on the VHF fre- 
quencies can send page signals for more than 100 miles. 
The communications officer can call the pager number 
from a distant city and relay a brief voice signal to all cell 
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members in the target city by having a prearranged time 
to have the scanner tuned to the pager frequency. The 
voice message must be brief and sent late at night to pre- 
vent the legitimate subscriber from discovering the ille- 
gal use of his pager number, as well as for the cell mem- 
bers with scanners to avoid having to listen to the “clut- 
ter” of other messages heard during the day. 

There are many situations in underground operations 
where the bootleg pager can be a major benefit. If anew 
operative is to link up with a certain cell or agent in a tar- 
get city, he can be instructed to arrive there by a certain 
time and go to a specific pay telephone. After being 
observed at this phone, he can call the pager number and 
give a password over the pager. This can establish the 
legitimacy of the operative prior to any members actually 
meeting him. 

Pager access can be used as an early warning system 
for active cells. Many radio scanners have a priority func- 
tion that programs it to sample a specific radio frequency 
every two seconds for any traffic. A cell can use this func- 
tion late at night when monitoring security or police 
forces—if the message frequency is programmed in the 
priority channel, the scanner will immediately go to that 
channel to receive the traffic when the pager is activated. 

Pager bootlegging can transfer long-distance credit 
card numbers (more on this later) to a specific cell ina 
target city or exchange other encrypted number transmis- 
sions, as long as they are brief. Credit card numbers 
should be sent in some sort of encrypted manner, since 
radio voice page transmissions are recorded by the pager 
company, at least temporarily. They are also subject to 
intercept by other scanner owners, although this is actu- 
ally quite rare. 

Using this technology and a smal] amount of practice, 
the communications officer can travel with his team toa 
strange city anywhere in the world and instantly have 
access to a OWRL for citywide communications. Pager 
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bootlegging has all the benefits of a covert OWRL without 
possession of the transmitter. This technique can be an 
excellent communications strategy for an action cell, and 
if recording equipment and a timer are connected toa 
scanner, the pager bootleg strategy can function as an 
electronic dead drop for exchanging signals or brief mes- 
sages very securely. 

The operative should always avoid bootlegging on 
medical page frequencies or those likely to be used by 
anyone late at night, such as for undercover police work. 
Medical pagers typically operate on their own allocated 
frequencies or are obvious since the voice page message 
generally instructs “Doctor ___” to call extension “____,” 
or something to that effect. Do not disrupt medical page 
traffic; lives may be at stake. Simply monitoring pager fre- 
quencies on a scanner will reveal certain pagers em- 
ployed by maintenance people or technicians that are 
unlikely to be used late at night. These pagers are ideal 
for aCOMMO plan. 

The following are the frequencies for radio pager 
(sources: Tune in on Telephone Calls, 1988 by Tom Kneitel 
K2AES; Police Call Radio Guide, 1991 by Tandy Corp.): 


Medical and Emergency 
(Do not use these frequencies for bootlegging!) 
35.640 Mhz 
35.680 Mhz 
43.680 Mhz 
152.075 Mhz 
157.450 Mhz 
163.250 Mhz 


Business and Professional 
152.480 Mhz 
154.625 Mhz 
157.740 Mhz 
158.460 Mhz 
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462.750 Mhz 
462.775 Mhz 
462.800 Mhz 
462.825 Mhz 
462.850 Mhz 
462.875 Mhz 
462.900 Mhz 
462.925 Mhz 
465.000 Mhz 


Public Access Subscribers 
35.220 Mhz 
35.260 Mhz 
35.300 Mhz 
35.340 Mhz 
35.380 Mhz 
35.420 Mhz 
35.460 Mhz 
35.500 Mhz 
35.540 Mhz 
35.580 Mhz 
35.620 Mhz 
35.660 Mhz 
43.220 Mhz 
43.260 Mhz 
43.300 Mhz 
43.340 Mhz 
43.380 Mhz 
43.420 Mhz 
43.460 Mhz 
43.500 Mhz 
43.540 Mhz 
43.580 Mhz 
43.640 Mhz 


Search the following bands for more voice pager fre- 
quencies: 


72.020 Mhz-72.980 Mhz 
75.420 Mhz-75.980 Mhz 
152.000 Mhz-152.840 Mhz 
158.100 Mhz-158.900 Mhz 
929.000 Mhz-932.000 Mhz 


Two-meter ham radio transceivers, marine band VHF 
radios, and a number of business-type walkie-talkies can 
also be employed with a scanner to function as OWRLs. If 
the agent keeps the messages brief, transmits from a 
secure location, sterilizes the area after transmitting, and 
never transmits from the same location twice, the OWRL 
provides a degree of security that many types of radio are 
unable to give. 

Overall, the use of radio is very risky in covert ops. It 
is simple to intercept radio traffic, and even scrambled or 
“secure” transmissions do nothing to prevent the opera- 
tive from being located with radio direction finding (RDF) 
techniques, which, with the help of computer technology, 
are fast and accurate. Being captured with possession of 
the hardware described in this section would be very 
unpleasant if it could be linked to illegal activities. 

Radio monitoring with scanners and receivers should 
be encouraged for all members of a cell. Studying and 
understanding the opposition’s radio traffic can be a great 
help in avoiding confrontations. My book, Improvised 
Radio Jamming Techniques: Electronic Guerrilla Warfare 
(available from Paladin Press), provides detailed insight 
into this very interesting strategy. 
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8 @ DISSEMINATING 
INFORMATION 


Oftentimes a communications plan can benefit by 
having the capacity to not only collect and exchange 
information but also circulate a specific message to the 
masses. A target audience must be studied carefully and 
understood before attempting to “reach” it covertly. It is 
useful to have access to the masses for recruitment and to 
influence opinions, It is also quite dangerous to do so. 

Obviously, your audience should have access to the 
medium you select to convey the message. Again, ex- 
ploitation of available media can have the desired effect. 
In fact, the most useful means of communicating an 
unpopular or controversial message to a mass audience is 
to make the delivery itself equally controversial. When 
properly employed, bootlegging or pirate activities 
become news stories themselves. With a little imagina- 
tion, you can exploit the existing communications media 
to assist you in reaching a mass audience. 

For example, your group may wish to direct attention 
to a specific incident or atrocity committed by the oppo- 
sition that has not been adequately covered in the press. 
One group in California did just that when it decided that 
the media coverage of the war in El Salvador was slanted 
and unfair. The group felt that the media was as much to 
blame for the problem as the actual policymakers in 
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Washington. Their solution: they printed a bogus copy of 
the front page of a large local newspaper, even using the 
paper’s masthead, covering a number of military atroci- 
ties alleged by the group to have been committed by the 
E] Salvadorean military. These bogus front pages were 
secretly placed on the Sunday edition of the paper inside 
hundreds of vending machines. 

Many readers thought that the newspaper actually 
printed this “insert,” and in fact, the paper had to print a 
disclaimer. Furthermore, this inexpensive, clever ap- 
proach gained the attention of the national media. 

This is an excellent example of making the act of com- 
municating the opinions of an underground operation as 
newsworthy as the opinions themselves. By using cre- 
ative and perhaps unconventional approaches, the con- 
tent of your message becomes almost secondary to the 
medium you employ to disseminate the message. 

The following are some examples of how an individ- 
ual or small organization can disseminate information in 
a manner that covertly gains access to the masses while 
calling a bit of attention to its cause from the media. 


CREATIVE INSERTION 


The example of the newspaper insert is useful, and 
you may want to consider it. Another approach that 
might generate a bit of attention would be to rent a large 
number of videocassette recordings of popular movies 
and momentarily override the record protect tabs to re- 
cord your message somewhere in the movie. This can be 
devastating if you employ the right images at the right 
time in the right movie. In a popular action adventure 
movie, the climax of the film can be interrupted with 
your home-produced images. An animal rights group, for 
instance, can show the methodical slaughter of some 
breed of fur animal at this point for excellent effect. 

The advantage of this approach is that the attention of 
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the audience is guaranteed. They are shocked by the 
interruption, which of course makes them very irritated 
and upset. They will not forget this incident. The viewer 
will likely contact the video rental store and demand a 
refund, and the business will likely demand an investiga- 
tion, which may get the attention of the local TV and 
print media, particularly if the message is put on a num- 
ber of videotapes and the content and quality of the mes- 
sage is such that a number of people call attention to this 
tude interruption of their entertainment. You can get the 
ball rolling by calling the city desk of the target papers 
and TV stations with a “tip” about the story. 

Another even more illegal approach would be to “bor- 
row” the bulk mail permit of your opposition to do a cre- 
ative mailing of your own. Printing duplicates of the 
OPFOR’s stationary and envelopes and sending out a 
large number of inflammatory messages will certainly get 
a lot of attention from the target group and the media. 
Sending illegally produced mailings with an unautho- 
rized bulk mail permit would cause quite a stir, and the 
reader should be advised that the investigation that 
would follow would be very aggressive indeed. 

Again, the key element in creative insertion is under- 
standing that the conduct of the communication can be as 
newsworthy as the actual message. The environmental 
group Earth First!, for instance, plasters messages on bill- 
boards, covers up the advertisement, or simply drops the 
billboard to the ground with chain saws. This is in protest 
of the “land rape” caused by the billboard company. This 
approach is clever, innovative, and certainly easy to do. 

The more effective “communiqués” all seem to employ 
media that are somewhat unconventional in nature and 
generally are conducted in the form of a prank or a ruse. It 
used to require a barbaric form of violence or terrorism in 
order to gain national media attention. Many groups now 
employ a much different approach—they seize the medi- 
um only for a brief moment to get the message out. 
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Remember, your opinions and objectives may seem to 
you to be realistic and for the betterment of society, but 
this has no bearing on whether anyone will chose to lis- 
ten. Therefore, you want to accomplish the following: 


1. Identify the situation in a manner that gets a lot of 
attention. Turn apathy into emotion. 

2. State the facts in a manner that will influence opin- 
ions. 

3. Access the masses in a manner that cannot be 
ignored by the media. 


You can certainly operate just outside the law to com- 
municate your message effectively; just be cautious and 
clever. The more you seem to defy the system, the better 
your chances that people will observe or listen to your 
message. Don’t hesitate to generate negative emotions 
from your target audience. When you interrupt the apa- 
thetic, they tend to get a little annoyed. That is fine. In 
some cases it can be beneficial. 


PIRATE OPERATIONS 


Creating a media center with pirate radio or television 
stations offers great opportunities. The fact is that for a 
couple hundred dollars, a video transmitter can be had 
that can transmit for miles on one of the normal TV chan- 
nels. A video transmitter in kit form can be purchased 
from North Country Radio, P.O. Box 53, WYKAGYL 
Station, New Rochelle, NY 10804. 

Pirate TV and radio broadcasts are, of course, very 
illegal and require a covert approach to get away with. 
Pirate broadcasting in the United States is becoming a 
serious activity, and the Federal Communications Com- 
mission (FCC) is becoming very aggressive in attempting 
to halt it. Still, the creative and imaginative application 
of technology in a manner that seems to attack or subvert 
the mainstream media tends to gain a lot of attention. 
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Should your group wish to look into pirate activity, there 
is one source for all the facts and hardware needed to 
conduct this risky enterprise safely: PANAXIS, P.O. Box 
130, Paradise, CA 95697. 

A pirate station should be controversial and enter- 
taining. It should be an alternative to the general media. 
This often can be accomplished by jamming the broad- 
casts of popular stations, and the equipment needed to 
do this is the same equipment required to broadcast your 
own message. Imagine two or three TV stations getting 
jammed at the 6:00 P.M. news broadcast and, one station 
over, your little pirate video station giving the viewer a 
whole new perspective of the “news on the hour.” This 
would require careful and elaborate planning, but the 
results would likely gain national attention to your cause. 

Even Third World nations have a large number of tele- 
vision sets and radios per capita. If the language and the 
audience are understood, a covert operation can access 
the masses with a pirate broadcasting station more easily 
than with underground newspapers or leaflets. 

In general, the media in most countries are either a 
propaganda tool for the government or a means of gener- 
ating revenues for a company. Accept this reality and 
exploit it. Force the medium that is ignoring your cause 
to disclaim the insertion of your message or the interrup- 
tion of its programming. Be clever. Cheat, steal, interrupt, 
and insert your message among the media already acces- 
sible to the target audience. Make your message and your 
method newsworthy by breaking the “rules” of the game. 
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PART II 
6 
TECHNICAL ASPECTS 
OF UNDERGROUND 
COMMUNICATIONS 


9 @ TELEPHONE 
SERVICE THEFT AND 
FRAUD: A HISTORICAL 
PERSPECTIVE 


The telephone is one of the most basic essential tools 
in an underground communications plan. Using the com- 
plex international telephone system covertly often in- 
volves the theft of telephone service. 

It has been reported that the theft of phone service is 
done for economic reasons by the international “under- 
ground community”—criminals, mercenaries, terrorists, 
political outcasts, fugitives, informants, and intelligence 
operatives. That is only half the story. 

This final section of the book will explore dozens of 
methods to make a “free” telephone call. The concept is 
neither new nor innovative in underground operations. 
Yet the reason this approach is so effective and popular 
in the underground has more to do with anonymity than 
economics. Many of the techniques described either cre- 
ate no billing record of toll calls, or they do so in a man- 
ner that eliminates the caller's association with the calls. 
COMSEC combines with rapid access to make phone ser- 
vice theft and fraud a viable option. 

Phone service theft in the United States is quite com- 
mon, and understanding the history and popularity of 
this activity will greatly enhance the underground com- 
munications plan. Obviously it is an inherently risky 
undertaking, and many covert ops would be best served 
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to completely avoid this option. Many of the techniques 
described can be integrated into the COMMO plan with 
no actual theft of service. 

The following information is presented for informa- 
tion and academic purposes only, and is by no means an 
endorsement nor an approval of this activity by either the 
author or the publisher. 

Placement of any foreign device on the commercial 
telephone circuit, fraudulent use of unauthorized tele- 
phone billing codes, and illegal theft of telephone service 
are felonies. The reader is advised to consider the legal 
ramifications and the aggressive prosecution history of 
this offense. Proceed at your own risk. 


Documentary evidence of American citizens defeat- 
ing the telephone billing process goes back at least fifty 
years. Few other cultures regard the intentional theft of 
service from a public utility as an acceptable form of be- 
havior. In the United States, the “outlaw” mentality com- 
bined with the culturally characteristic lack of respect for 
authority is part of American folklore. In many respects, 
this uniquely American attitude is socially encouraged. 
Phone service theft is socially acceptable. 


PHONE SERVICE THEFT IN THE 1950s 


After World War II, Bell Telephone began to make 
note of college students using military surplus communi- 
cations equipment to make free long-distance calls to 
home from campus. One notable technique employed an 
ordinary hand-crank field phone that was used by signal 
and artillery troops during the war to keep contact with 
command bunkers and foxholes. This large, battery-oper- 
ated telephone generated an AC signal that electronically 
deceived the phone company’s billing process. 
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College students in the early 1950s used this tele- 
phone to take advantage of an electrical characteristic of 
the phone company’s newly installed automatic message 
accounting (AMA) system. When a long-distance call was 
made, the AMA system began the billing process only 
when the ring signal had stopped for three seconds. 
Normally the ring signal stopped when the phone was 
picked up at the other end, but the field phone put a sig- 
nal on the line that made the AMA system believe that 
the phone was still ringing. 

The phone company began making note of phone 
calls that apparently rang a distant number, sometimes 
for hours, for no explicable reason. Internal security per- 
sonnel at Bell recognized that because the phone system 
ran on a circuit known as a DC loop, the theft technique 
being used was virtually impossible to defeat, although it 
could be detected. 

Basically, when a phone rings, it is receiving a “ring” 
signal from the central office of about twenty pulses per 
second. When the person receiving the call picks up the 
phone, the DC loop circuit is closed, which tells the cen- 
tral office to stop the ringing pulse and begin the billing 
process. The modified field phone made the phone com- 
pany circuitry believe that the loop had not been closed 
yet and thus the phone was still ringing. The slang term 
for the device was a red box, and it became popular on 
college campuses throughout the country in the 1960s. 


PHONE SERVICE THEFT IN THE 1960s 


In the 1960s many people began actively participat- 
ing in antiestablishment behavior. College students and 
activists probably had the most significant impact on cre- 
ating the notion that Bell Telephone was an evil mono- 
poly worthy of creative attacks such as defeating the toll 
system to make free long-distance calls. Numerous un- 
derground and legitimate publishing houses put out 
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“guerrilla” manuals that covered a variety of techniques 
that were, in fact, quite effective in cheating Bell out of 
toll charges. (Many of these publications indicated that 
there was “poetic justice” in ripping off the telephone 
system while spreading the seeds of political discontent, 
since at that time Bell Laboratories was involved with 
research and development projects that were identified 
as contributing to the U.S. war effort in Southeast Asia.) 
Cheating the phone company became not only economi- 
cally viable but a means of protest. 

Activist Abbie Hoffman, in collaboration with Jerry 
Rubin and Ed Sanders, wrote a highly controversial guer- 
rilla warfare manual entitled Steal This Book, which is 
representative of the literature prevalent during this era. 
In the book, Mr. Hoffman described a number of methods 
to make free telephone calls. He suggested, for instance, 
putting #10 washers in the coin slot in place of coins. He 
also described how to record the sound of coins dropping 
into the phone slot, and then play back the tape for the 
operator when she requested that coins be deposited to 
make a call. 

Most notably, Hoffman provided a schematic diagram 
for a device known as a blue box that generated audio 
tones that affected the phone company’s long-distance 
switching. When these tones were sent down the phone 
line, they essentially took over the circuitry at the local 
phone company switching center and permitted the user 
to make long-distance calls worldwide without any 
billing record ever being generated. 

In its basic configuration, the blue box was simply a 
transistorized dual-tone oscillator circuit that produced a 
2600 Hz (hertz) audio tone through a small speaker, 
which was placed over the mouthpiece of the telephone. 
The origins of the term “blue box” can be traced to a small 
plastic box sold by Radio Shack in which electronics hob- 
byists built their homemade circuits. 

College students at MIT in the late 1960s are credited 
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with developing another device. Often referred to as a 
black box, it duplicated the tones generated at newer pay 
telephones as the coins were dropped into the slot. The 
students would play these tones over the phone line and 
convince the operator that they had actually deposited 
coins for a long-distance call. 

Red, blue, and black boxes became a rage on campus 
during the counterculture era of the late 1960s. The polit- 
ical climate as well as the advent of semiconductor tech- 
nologies made the miniature devices suitable for 
widespread use. Although a number of techniques were 
employed to attack the toll billing system, the general 
approach became universally known as blue boxing and 
was a very “in” thing to be able to accomplish. Indeed, 
the defeat of the telephone company was a technical chal- 
lenge for the engineering student as well as a political 
statement for the liberal arts students. 

One notable participant in the blue box phenomenon 
was a student by the name of Joseph Engressia. He was 
able to whistle a consistent 2600 Hz tone. In fact, his skill 
at whistling on this exact frequency was used by many 
electronics hobbyists to calibrate their homemade blue 
boxes. Engressia became known as “the Whistler” but he 
eventually was caught. The details of his case are some- 
what clouded, but apparently he was arrested in Moscow 
after talking to a U.S. Marine guard at the American 
Embassy there. Alledgedly he openly discussed his theft 
techniques with many of the wrong people, possibly 
including Soviet officials. Engressia’s arrest was well 
publicized. (After serving time in jail, Engressia cooper- 
ated with the phone company in developing strategies to 
halt the theft of phone service. He was hired as a “prob- 
lem analyst” by Mountain Bell in 1977.) 

Although Bell Telephone was aware of various theft 
practices that employed tone generation as early as 1961, 
their internal security apparatus concluded that the loss- 
es suffered through this somewhat simple technology 
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were not comparable to the amount of resources that 
would be required to halt the practice. This attitude 
changed very quickly. 

By the late 1960s, service theft had become much 
more of a problem. The Hoffman book was widely read 
on campus, and the theft of service from pay phones 
became the first area of concern for the phone company. 
It developed a variety of electronic devices to defeat false 
indications of coin receipt. The technology race began. 

As the phone company developed a strategy to defeat 
a specific technique, the students developed another 
method. Blue boxes became more reliable and smaller in 
size due to the development of transistor devices. The 
technical characteristics of the blue box were such that 
simple solutions to its use were not readily available. 
Once the box became palm size and portable, the tracing 
process became even more difficult to conduct. 

Illegal pay-phone-to-pay-phone long-distance calls 
were made by many left wing radical groups in the late 
1960s using well-calibrated transistorized blue boxes, and 
Abbie Hoffman’s books, including Steal This Book, became 
best-sellers due to his high-profile activist role. (His works 
sold more than 3 million copies.) Eventually, Bell Tele- 
phone’s internal security apparatus requested help from 
the federal government in dealing with this problem. 


Organized Crime and Phone Service Theft 

The fact that no billing record was generated with the blue 
box had significant appeal to organized crime elements who 
wished to place illegal bets and conduct transactions over the 
telephone that were untraceable. Due to the growth of the 
drug culture as well as new laws in 1968 regarding wiretap- 
ping (Public Law 90-351, 90th Congress, H.R. 5037, “Omnibus 
Crime Control and Safe Street Act of 1968,” which placed 
strict limitations on government wiretaps), the illegal use of 
the telephone became the primary communications tool in 
the “underground economy” created in the 1960s. 
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The federal government responded to these activities 
by studying illegal communications techniques and using 
the “patterns” displayed by some criminal groups against 
them. An FBI undercover investigation in the late 1960s 
revealed that a group loosely associated with the Hell’s 
Angels Motorcycle Club of California was using illegal pay- 
phone-to-pay-phone contacts to sell and distribute a home- 
made chemical stimulant known as methamphetamine. 
This group employed unauthorized third-party billing to 
make the calls from pay phone to pay phone, charging the 
calls to someone not actually involved. 

These criminals utilized pay telephones in a manner 
that could be methodically tracked, since customers who 
were billed for the unauthorized calls eventually notified 
Bell. The FBI, in cooperation with the phone company, 
conducted a tedious and elaborate tracing program of pay 
phones being used illegally to call other pay phones 
using unauthorized billing. From this theft pattern, FBI 
investigators uncovered an elaborate nationwide organi- 
zation. The stimulant was produced in clandestine labs 
on the West Coast by “cooks” who had a rudimentary 
knowledge of chemistry. The product was sold to distrib- 
utors, who shipped quantities of it to large cities through- 
out the Midwest and East Coast. Methamphetamine 
became known as “crank” in street slang because it fre- 
quently was shipped inside the crankcase of Harley 
Davidson motorcycles. 

This group had assumed that pay-phone-to-pay- 
phone calls were secure communications. The FBI ex- 
ploited this primitive attempt at COMSEC and credits the 
group’s clearly identifiable phone theft pattern (most of 
the calls were made from pay phones in bars frequented 
by bikers in the Midwest and along the East Coast) as 
helpful in the investigation. 

By the early 1970s, the various techniques for toll 
cheating were well known among the counterculture and 
criminal fringe in the United States. AT&T was also 


knowledgeable of the various techniques for service theft, 
and it began intense research projects to defeat the tech- 
nology. The mainstream media also became more cog- 
nizant of the theft of phone service, and cases where 
AT&T prosecuted individuals caught stealing service 
were covered heavily in the press. This coverage actually 
caused the problem to become common knowledge 
among a wider segment of the public. Furthermore, the 
somewhat liberal media slant in the coverage of these 
cases made the thief appear to be a creative and clever 
individual and actually gave AT&T a somewhat negative 
image. 

An interesting case that illustrates this socially 
encouraged “outlaw” mentality is that of John Draper. In 
the late 1960s, Draper discovered that, when blown into a 
phone’s handset, a small plastic whistle given away as a 
prize in a popular breakfast cereal happened to generate 
the precise 2600 Hz tone oscillation that electronically 
seized an internal long-distance line from the phone com- 
pany. Draper promoted his discovery, which functioned 
similar to the blue box, in a number of underground 
newspapers in the New York area. He was not aware that 
AT&T had begun electronic sensory development that 
detected this illegal tone. 

Draper was caught and arrested, and his prosecution 
was covered in the national media. But instead of being 
identified as a criminal conspirator, Draper became 
known as “Cap’n Crunch,” and his creative approach to 
phone theft was regarded as a prank against the mo- 
nopoly of AT&T. The phone company suffered negative 
press for its prosecution of Draper, as well as some embar- 
Tassment, since a child’s toy was used to defeat its inter- 
nal toll billing process. 

John Draper was convicted and sentenced to six months 
in jail. Yet he became an underground cult hero to a grow- 
ing group of technical students and fringe groups who 
focused on attacking the telephone system’s vulnerabilities. 
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PHONE SERVICE THEFT IN THE 1970s 


Underground newsletters and publications relating to 
new alternative technologies, collectively termed phone- 
phreaking, reached their peak in the mid-1970s. 

By 1974, AT&T had begun improving its switching 
systems. Low-cost microcomputer technology had been 
developed to allow high-speed electronic switching and 
automated toll-charge billing. This technology included 
special focus on internal security devices and systems. 
Known toll cheating procedures were considered in the 
hardware development. 

The popular blue box became a foolish technique to 
employ. AT&T began an aggressive and successful cam- 
paign to detect and prosecute blue boxers. Users of the 
device who were caught were primarily businessmen and 
professionals. In fact, many well-publicized prosecutions 
were against wealthy and successful people. 

On 27 March 1974, soul singer Ike Turner was arrest- 
ed in California after his studio was raided by police. 
Pacific Bell Telephone had used its new sensory circuits 
to detect Turner’s alleged theft of long-distance service. 
An illegal blue box was found connected to several lines 
in his recording studio. In order to build a criminal case 
against him, law-enforcement officials had also obtained 
a court-authorized wiretap clearance to record the con- 
versations taking place. On 7 August 1974, the charges 
against Turner were dropped when the voiceprint evi- 
dence failed to show that his voice was actually on the 
recordings. One of Turner's associates was convicted and 
sentenced to six months in jail. He also had to pay about 
$3,000 in long-distance charges. 

The cause of AT&T’s poor public image in the 1970s 
was more than just a result of counterculture attacks and 
bad publicity. The federal government challenged and 
aggressively litigated AT&T’s monopoly over telephone 
communications for most of the decade. As a result, this 
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huge corporation was split up into seven autonomous 
regional phone companies in the early 1980s. 


PHONE SERVICE THEFT IN THE 1980s 

One significant aspect of the company’s “settlement” 
with the federal government suit was the introduction of 
acompetitive long-distance service industry. Numerous 
small and large independent companies began to offer 
long-distance service to the public. In order to compete, 
these firms had to advertise substantial rate discounts 
compared to AT&T’s long-distance toll charges. 

Initially, these “alternative long-distance carriers” 
had to provide each customer a plastic card with an 
access number and fourteen-digit account number that 
the customer had to dial in order to save money on the 
call. Some people had to dial dozens of numbers accu- 
rately each time they wanted to use the discount long-dis- 
tance service. This was complicated, confusing, and 
inconvenient for many Americans, so the concept of 
equal access was introduced. Now customers were 
allowed to select a specific long-distance company as 
their carrier, and no account numbers had to be dialed. 
By 1985, equal access was in place throughout most of 
the United States, but before that the plastic card with the 
long-distance access number was more common thana 
bank credit card in people's wallets, and a whole new 
means of telephone theft and fraud was born. 

Phone customers who wished to make a long-distance 
call while traveling would give the operator their tele- 
phone credit card number or simply punch in the number 
when prompted to do so by the phone company comput- 
er. Criminals would observe this at a pay phone, make 
note of the number dialed, and then use the number or sell 
it at airports and bus terminals. Phone bills in excess of 
$100,000 arrived at people’s doorsteps in large boxes from 
UPS because customers unwittingly let their numbers be 
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known. The customer was not actually charged for these 
illegal calls; the phone companies usually cancelled the 
card and wrote off the cost as a business expense. 
According to AT&T’s annual report for 1982, it deducted 
more than $70 million in business expenses related to the 
theft and fraud of its long-distance services that year. 

By 1984, telephone credit card theft and fraud had 
become a growth industry in the United States. Or- 
ganized criminal groups and individuals worldwide 
actually made the theft and distribution of these account 
numbers a criminal specialty. 

AT&T responded pragmatically with a research project 
developed by Bell Communications Research (BELCORE) 
to create strategies to deny physical access to a customer's 
billing number by unauthorized persons. BELCORE deter- 
mined that there were a number of ways thieves were gain- 
ing access to the numbers, and it focused on the three pri- 
mary causes: phone booth surveillance, sequential digital 
access by home computer, and mail theft. 

All seven regional phone companies contributed to 
the cost of this project, and BELCORE developed the fol- 
lowing strategies and technologies to attack the problem: 

1, DIGITAL CARD READERS. These were pay phone- 
type terminals that had a slot on the side of the phone for 
customers to insert their long-distance credit cards. The 
units read the magnetic strips on the back of the cards to 
get the billing information. Customers did not have to read 
out the credit card number or enter it into the telephone 
keypad, where an experienced service thief could hear or 
observe the account number. These terminals were (and 
are still) successful in high-traffic high-risk locations like 
train stations and airports. The data card phone also 
denied the service thief use of any numbers he may have 
“collected” since there were no coin slots on the unit, and 
an actual card had to be inserted into the phone. 

2. MULTINUMBER ACCOUNT SEQUENCE. When 
telephone credit cards were first issued, the first ten dig- 
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its of the fourteen-digit account number were usually the 
subscriber’s area code and home phone number. A ser- 
vice thief could program a home computer with a modem 
to make a call through the carrier’s billing system and 
sequentially attempt all possible four-digit access num- 
bers until the billing computer accepted the entry. 
Although this required the thief's computer to attempt a 
possible total of 9,999 tries to gain access, it required no 
human participation whatsoever to conduct this mun- 
dane task. In fact, a typical home computer could make 
the connection every 5 seconds, or 12 times a minute, or 
720 times every hour. Of course, if you attempt to guess a 
specific number out of a batch of 10,000 numbers, statis- 
tical probability alone would allow you to learn the num- 
ber within the first 5,000 attempts. Since a personal com- 
puter could make about 17,280 attempts per day, it usual- 
ly could come up with about three credit card account 
numbers every day for the service thief. 

BELCORE recommended random fourteen-digit ac- 
count numbers for each customer. A personal computer 
would not be able to statistically “guess” an accurate 
fourteen-digit number if it operated continuously for 
more than three years. BELCORE also developed software 
that would allow the billing computer to detect a large 
number of attempts at any code number, especially when 
these attempts were being sent by computer. 

3. MAIL ACCOUNTING PROGRAMS. Many cus- 
tomers who had service initiated with a specific carrier 
received a telephone credit card in the mail. A common 
method of theft was to simply intercept this card in the 
mailbox. Before the customer knew the card had been 
stolen, thousands of dollars worth of long-distance bills 
would arrive. 

BELCORE advised all carriers to send a follow-up 
piece of mail to each customer advising that the card 
had been sent and when. If customers failed to receive 
the card, they were asked to call a toll-free number to 
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advise the carrier, and the card would be cancelled. 
This simple approach was very successful and is now 
almost universally employed by all of the major long- 
distance carriers. 

4. SECURITY SOFTWARE DEVELOPMENT. BEL- 
CORE provided software that allowed the billing comput- 
ers to recognize “theft patterns” such as an inordinate 
number of calls being made on one account number. This 
information was electronically compared with the esti- 
mate of card usage given to the carrier by the subscriber 
when they applied for the account number. If the current 
usage drastically exceeded the estimate, the carrier called 
the subscriber and inquired about the call volume. If the 
calls were not authorized, the card was cancelled and the 
traffic analyzed in an attempt to catch the service thief. 

Because long-distance service is a lucrative business 
that requires minimal labor intensive participation, a lot 
of small companies got into the long-distance game in the 
first half of the 1980s. Many of these firms did not fare as 
well against telephone credit card thieves and were 
forced to declare bankruptcy or merge with larger compa- 
nies in order to stay afloat. Although telephone service 
fraud represents about 1 percent of total revenues for the 
industry as a whole, the losses some smaller companies 
were forced to face were too much. “Hostile takeovers” 
and acquisitions of the late 1980s also contributed to a 
thinning of the number of actual companies offering long- 
distance service. By 1988, U.S. Sprint, MCI, and AT&T 
had secured most of the long-distance market, with AT&T 
having the greatest percentage of customers. 

The level of theft began to taper off in 1988 due to the 
efforts of an industry-sponsored organization known as 
the Communications Fraud Control Association (CFCA). 
This group began a multilevel campaign to attack the 
problem with the cooperation of most of the carriers as 
well as federal and state law enforcement agencies. The 
most significant elements of the CFCA program were its 
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aggressive prosecution of offenders and its antifraud edu- 
cation programs targeted towards population segments 
deemed most likely to defraud the phone companies: col- 
lege students, military personnel, and prisoners. (These 
three demographic groups statistically represent more 
than one-third of the volume of telephone credit card 
theft and fraud in the United States as of March 1991.) 

The CFCA also attacked the problem with an amnesty 
program. It compiled a detailed listing of credit card calls 
that were fraudulently placed from, for instance, a col- 
lege campus. Then it notified all individuals who had 
enough prosecutable evidence against them that if they 
paid the toll charges, no criminal charges would be filed. 
In 1988, several hundred students at highly reputable 
American University in Washington, D.C., took advan- 
tage of this amnesty offer and agreed to pay MCI Com- 
munications more than $32,000 in unauthorized toll 
charges to avoid criminal prosecution. Also in 1988, 
more than one thousand underclassmen at North Texas 
State University agreed to pay MCI approximately 
$100,000 in a similar out-of-court “settlement.” 

As can be illustrated by the above historical overview, 
telephone service theft and fraud has been a problem for 
the communications industry for many years. The indus- 
try has been quite impressive at addressing virtually 
every technology and approach used to defeat the toll 
system. As service thieves developed strategies, the 
phone companies attacked each one creatively and ina 
pragmatic, effective style. Yet the problem is far from 
solved. In 1990, loss estimates from credit card theft 
alone were stated by the industry to exceed a half a bil- 
lion dollars. 


PHONE SERVICE THEFT IN THE 1990s 


The 1990s are expected to see a resurgence of under- 
ground groups and extremist activity in the United States. 
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The means by which these groups are expected to com- 
municate will be covered in detail in the next chapter. 

Although the phone company has focused tremen- 
dous resources on a number of theft technologies, one 
basic approach is still virtually impossible to address 
effectively. The parasitic interconnect, or intentional line 
seizure as it is known in the telecommunications indus- 
try, exploits a universal aspect of the telephone circuit 
that cannot be corrected reliably. The service thief simply 
hooks into the phone line, either at the pole or at the out- 
side terminal box on the residence, essentially installing 
his own extension on an existing telephone line. 


Mail Order Companies and Phone Service Theft 

This approach to ripping off the phone company has 
become a little known but active enterprise for a number 
of small mail order companies in the United States. Here 
is a sampling of advertisements from these firms: 

BEAT THE SYSTEM. Never pay for the phone again! 
Free long-distance. This device tricks the phone. Money- 
back guarantee. For novelty purposes only. 

PHONE COLOR BOXES. Designed by phone phreaks! 
Fifteen phone color boxes described. Dozens circuits; 
programs. Plus call forwarding conferencing; phreak his- 
tory; fifty useful, simple and legal phone circuit plans. 

BLACK MARKET. Hacking, phreaking, weapons, elec- 
tronic surveillance communications, more. Hardware, 
software, plans, kits, books. $1.00 catalog. 

Electronics, military, and do-it-yourself magazines 
carry these advertisements. Many of these firms have 
been around for decades. Generally, they provide plans 
for making your own blue box or similar device. 

There are about two dozen firms in the United States 
that sell this type of information. It is generally true that 
companies selling the plans for blue boxes advise the read- 
er of the risks as well as limit their own liability by stating 
that the product is for “information purposes only.” 
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The fundamental problem with these companies is 
that they are selling technology and techniques that are 
easy for the phone company to detect. Although there are 
parts of the country where a blue box will still work with 
only a slight chance of detection, the fact is that the tech- 
nology is extremely dated. This is seldom stated in their 
offerings. The individuals selling the information are 
after the novice in the phone theft game. 

An example of line-seizure technology available by 
mail order is a basic telephone set with alligator clips 
connected to a wire. Called the “Adventurer’s Telephone 
Set,” it is sold for about $100 and basically is a copy of a 
telephone wireman’s set for use along the telephone line. 
This simple device has made its way into criminal hands 
and the inventories of a number of terrorist groups. 

For example, on 18 October 1984, the FBI raided a 
home near Sandpoint, Idaho. The residence, located 
about fifty miles from the Canadian border, had been 
occupied by Gary Yarbrough, a member of the violent 
white supremacist group known as the Order. Yarbrough 
barely escaped that evening, but in the attic of the home 
was found a number of weapons (including the sup- 
pressed .45-caliber MAC 10 submachine gun used to kill 
Alan Berg, a Denver, Colorado, radio talk show host), 
hundreds of documents, and a telephone lineman’s set 
that he had used to make illegal telephone calls to other 
members of his group by hooking into phone circuits in 
tural Idaho and Washington. Court testimony revealed 
that a number of the members of this domestic terrorist 
group had employed intentional line seizure as part of 
their communications plan. 

Other groups outline phone service theft and line- 
seizure techniques in their training manuals. The book 
EcoDefense: A Field Guide to Monkey Wrenching by Dave 
Foreman, the leader of the group Earth First!, is a recent 
example. On page 228 of the second edition of this best- 
selling book, the author recommends line seizure at a 
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business or apartment location. He describes in simple 
and accurate terms how to connect a telephone or com- 
puter modem to a telephone line as a means of anony- 
mous computer hacking. He further advises placing secu- 
rity elements to observe the business or residence while 
theft of service is occurring. Foreman states that line 
seizure is useful in computer sabotage because authori- 
ties will attempt to trace the call, and if the trace is to an 
anonymous business, the hacker can get away. 

In his book On the Run, CIA defector Philip Agee 
described his approach to phone service theft while he 
was hiding from the Agency in France. Agee states that 
he often used a certain pay telephone that was modified 
by French students to make free calls. A pin was inserted 
at the toll counter to stop it from advancing. He also 
described using a certain professor's telephone line to 
make international calls by seizing the line when it was 
left unattended at night. 

Line seizure is the simplest and quickest means of ini- 
tiating an illegal phone call, although it is certainly not 
the safest way to go. The fact is that a record of an unau- 
thorized call is created, and it is very likely going to be 
disputed by the legitimate subscriber. This is important 
to consider, since the point of covert communications is 
to avoid calling attention to oneself. Yet in general, line 
seizure is prevalent because it is simple and it works, and 
therefore, it isthe most common means of service theft by 
underground and criminal groups. 


Computer Technology and Phone Theft 

Technologies recently developed to obtain credit card 
account numbers on a large scale focus on illegal com- 
puter access. Computer hacking has developed into a 
major threat to a number of business and government 
data-base systems. The penetrations conducted in the last 
few years have been more harmful and malicious than 
those conducted in the early 1980s. 
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The home computer has been the foundation of anew 
counterculture of technical students and software devel- 
opment hobbyists. These loosely organized groups tend 
to practice their skills on supposedly secure targets. 
Some groups specialize in creating mass programming 
errors in the target system. These errors cause losses of 
data and files and are termed viruses, bugs, or worms, 
depending on the programming sequence employed to 
attack the system. An inexpensive home computer and a 
modem connected to a telephone line seem to present a 
number of temptations to the computer hacker. 

Some hackers specialize in obtaining confidential or 
internal information files from large companies and govern- 
ment agencies. The long-distance credit card thief has fo- 
cused on this activity. The hacker gains computer access to a 
long-distance carrier’s internal billing system and illegally 
obtains bulk amounts of telephone account codes. 

As in the 1970s, media coverage of these illegal com- 
puter penetrations tends to focus on the creativity and 
“prankster” image of the hacker. The commercial or gov- 
ernment networks that are the victims of the illegal access 
usually are not given any amount of sympathy. News 
reports covering these cases frequently regard them as 
amusing “adventures” of “spirited” students. 

Just as the telephone company retained blue boxer 
John Draper for security development in the 1970s, many 
companies today are hiring successful computer hackers 
to assist them in developing countermeasures to illegal 
system access. Many successful and prominent computer 
industry figures have openly admitted to a number of 
hacking enterprises in their college years. Stephen Jobs, 
founder of Apple Computer and now president of NeXT 
Computer, admits to having “dabbled” in blue boxing and 
other phone service theft techniques while in college, 
according to interviews and reports. 

The typical young computer hacker seldom gets 
involved with large-scale criminal activities. Unfor- 
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tunately, the computer has become a too] for a number of 
organized crime groups in conducting their illegal activi- 
ties. Telephone credit card theft is a lucrative industry in 
the United States, and the personal computer has become 
an effective tool in gaining access to a large amount of 
active account numbers, which are sold and distributed 
nationwide. Often they are sold at major air terminals and 
bus stations to travelers as a means of calling relatives 
and friends at a flat rate. (In New York City, the going rate 
for this exchange is $3.00 for a call anywhere in the 
United States and $5.00 for a call anywhere in the world.) 

The problem of computerized theft of account numbers 
on a large scale has been addressed by most of the major 
long-distance carriers. On 8 May 1990, agents with the FBI 
and Secret Service began a sweep of arrests after an eigh- 
teen-month investigation into a group of hackers who stole 
phone billing account numbers. During simultaneous raids 
in fourteen U.S. cities, agents seized 40 personal comput- 
ers, 23,000 disks, and other materials. Five young men, 
ages 19 to 24, were arrested. Among other charges, they 
were indicted for theft of long-distance toll services in 
excess of $50 million. According to a spokesman for the 
U.S. attorney's office in Phoenix, Arizona, where the inves- 
tigation was based, the arrests were “just the tip of the ice- 
berg” in terms of organized computer theft of telephone 
billing account numbers in the United States. 
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The basic premise of outlining the history of phone 
service theft is for the reader to understand that to steal 
phone service as a part of any communications plan is 
not a new or particularly original approach to covert or 
underground message exchanges. This overview should 
provide insight into the tactics and technologies that 
have been employed, as well as give the reader a clear 
understanding of the inherent risks involved. 
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10 @ COMMERCIAL 
CIRCUIT ACCESS 
STRATEGIES 


This chapter will focus on the tactics and technologies 
employed by professional thieves, criminal elements, and 
computer hackers to defeat the telephone toll billing pro- 
cess to the tune of more than $500 million a year. 

The operative is advised to review and assess the 
inherent risks of each of these strategies individually 
before making the decision to execute any one approach. 

It is important that the reader understand that this 
very illegal activity involves electronically attacking an 
extremely alert and sophisticated communications sys- 
tem that is technically proficient at catching unprof- 
itable, unauthorized penetrations. Therefore, conduct 
these maneuvers at your own risk. If you believe you are 
clever enough to continuously commit a felony against a 
large corporation with aggressive internal detection and 
investigative assets, you may learn otherwise at your own 
expense. This information is for academic purposes only. 


Essentially, there are three approaches to attacking 
the security of the TELCO circuit for electronic access 
and illegal service connection. All of these strategies are 
designed to function within the alert sensory environ- 
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ment of the modern phone system. This circuit is a com- 
plex electronic “organism” that has built-in computer 
protection from intrusion. In fact, the system is designed 
to detect, locate, and attack a penetration in a manner 
much like a living organism would attempt to deal with a 
germ or a virus. It also continuously learns, develops, and 
“mutates” to compensate for new intrusion strategies as 
they develop and are identified by the flexible system 
software and detection architecture. Understanding the 
above analogy is important if you wish to operate elec- 
tronically within this hostile sensory environment. 

The three most useful penetration strategies are: 

1. PARASITIC INTERCONNECT. This broadly defines 
the introduction of specialized hardware to illegally 
function somewhere within the circuit. Network inter- 
face cable rerouting, covert “insulation displacement,” 
and inductive collection devices at the multiplex termi- 
nal are all examples. This technique is also termed inten- 
tional line seizure by the phone companies. 

2, ACCESS CODE INTERCEPT. This approach in- 
cludes passive and active measures used to gather bulk 
amounts of functional access codes. Internal phone com- 
pany authorization codes and active subscriber account 
numbers are collected electronically using a variety of 
technologies. 

3. SYSTEMATIC DECEPTION. This is the most 
advanced approach currently being employed. It is a dif- 
ficult-to-detect “front door” strategy that employs the 
human elements of the system for access. The approach 
gives the indication of a legitimate service request by a 
potential subscriber and requires the creation of a 
detailed “electronic identity” that will meet the phone 
company’s credit profile. Once initial low-level access is 
gained with this nonexistent “customer,” the authoriza- 
tion code is electronically injected into other systems and 
a stream of seemingly legitimate access codes are provid- 
ed unwittingly by the service request operators. One sig- 
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nificant aspect of this approach is that even when detect- 
ed, it is handled as a standard uncollectible account and 
not as an actual theft. 

Each of these approaches has technical merit, but 
before deciding to execute any one procedure, the reader 
is advised to examine all the strategies discussed. Each 
approach is designed to attack specific vulnerabilities of 
the telephone system circuit. In keeping with the original 
analogy of the telephone system being a complex “elec- 
tronic organism,” these strategies seem to work because 
they cause a mild, noncontagious “infection” for which 
the system is incapable of producing an “antidote” or 
software “inoculation.” Each access acquisition strategy 
must, in fact, be somewhat “acceptable” to the system 
and employed only to a certain tolerance envelope that 
essentially is unknown by the intruder. The success of 
these approaches is probably temporary due to the sys- 
tem’s constant growth. Intensive usage of any one tech- 
nique will accelerate detection and actually assist the 
system’s security analysts in developing effective coun- 
termeasures. 


\ 
t PARASITIC INTERCONNECT 


This strategy is the easiest and fastest method of cir- 
cuit penetration. Using easily modified hardware, the 
operative covertly installs a secondary extension into the 
system from an access point that is selected on the basis 
of security and function. The two objectives that can be 
realized from this method are: 

1. INSTANT CONNECTION. The circuit can be entered, 
the legitimate subscriber can be bypassed temporarily, and 
calls can be made quickly on an as-needed basis. 

2. CODE NUMBER COLLECTION. A parasitic inter- 
connect can be executed on a strategically located pay 
telephone or even a “credit card only” terminal to gather 
a large number of access codes. The goal is to record and 
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collect the digital tone code sequences as they are entered 
by the subscriber. 

Speed and simplicity are characteristic features of 
parasitic interconnect. When executed randomly and 
carefully, this strategy exploits a vulnerability of the sys- 
tem that is, for all practical purposes, impossible for the 
phone company to correct or defeat. 

Parasitic interconnect is technically possible due to 
the breakup of AT&T (Bell). The commercial market now 
has thousands of private companies that work in and 
around the telephone circuitry—installing hardware, 
troubleshooting line installations, and so on. While in the 
1960s and 1970s Bell Telephone had internal detection 
equipment to learn if someone had placed an extension 
or any other foreign device on the telephone circuit, 
today consumers are permitted to do so, and a number of 
companies offer services that involve the physical access 
of the circuit. 

Many small residential and commercial prewiring 
firms employ former telephone company technicians to 
perform installations. It is not uncommon to see an indi- 
vidual with a telephone handset and a tool belt at a termi- 
nal box or wiring junction testing equipment or lines. Yet 
this person is not necessarily a TELCO employee. This 
operational characteristic of the modern telephone cir- 
cuit is perhaps one of the most useful vulnerabilities that 
can be exploited in access acquisition. 

The telephone system is not as complex as it appears. 
There are a number of access points at which the opera- 
tive can safely install a parasitic device, and as long as 
the risks and inherent dangers are considered in opera- 
tional planning, the use of the parasitic interconnect 
technique can be a flexible component of an underground 
communications plan. 


Risk Assessment 
A parasitic interconnect is installed on the circuit in 
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the same manner and using similar equipment as an ille- 
gal wiretap. Consequently, there are some risks involved 
with the execution of this approach. If the connection has 
subscriber-installed detection equipment on the line, the 
parasitic device will be detected immediately and the 
subscriber will be alerted. Precautionary measures are 
described later to protect the operative from this rare but 
potentially compromising condition. 

The parasitic interconnect can also be detected easily 
by the random phone company technician who happens to 
be servicing that specific location for any number of rea- 
sons. The presence of the parasitic device will be recog- 
nized as either a service theft or possibly an illegal wiretap. 
Either way, the operative will be at risk of compromise. 

These two operational threats must be neutralized 
somehow. In most cases this is not completely possible. 
There are techniques and hardware that can assist in this 
area, but the first thing the operative must understand 
before employing parasitic interconnect is basic tele- 
phone system wiring practices. 


Structural Overview of the Telephone System 

At the end of the telephone system circuit there is 
always a telephone that must be bypassed temporarily to 
avoid compromise from either end of the circuit. There 
are a number of suitable entry points in the wiring config- 
uration at which to do so. Selection of the most secure 
access point in any given situation is based on under- 
standing the general characteristics of the system. 

By the early 1970s, AT&T had more than 100 million 
telephones installed. The complex system of networks 
designed to allow any one telephone to contact another 
can be divided into three basic types: Long Haul Network, 
Exchange Area Network, and Local Network. This system 
now connects 570 million phones worldwide. 

The Long Haul Network uses satellite ground stations 
as well as microwave and fiber optic links to transfer 
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large numbers of conversations worldwide along 
“trunks.” (A trunk is simply a circuit linking two switch- 
ing center systems.) Fiber optics technology is proving 
extremely useful in this area. One glass fiber as thin as a 
human hair can carry thousands of voice channels. A 
standard AT&T FT4 fiber optic cable carries 4,032 chan- 
nels simultaneously. The major competitors in the long- 
distance industry have independent Long Haul Net- 
works. MCI (Microwave Communications Inc.) uses 
microwave links for its service, but U.S. Sprint has in- 
vested heavily in fiber optic links. 

The Exchange Area Network is the intermediate link 
between the Long Haul and Local Area Networks. The 
Exchange Area is focused on local inner city switching 
and linking the subscriber to toll services. It typically is 
confined to those areas that the subscriber can call at no 
toll charge, termed the Jocal calling area. The Exchange 
Area Network employs wire, microwave, and fiber optics 
to link each central office to the other and itself to the 
Long Haul Network. 

The Local Network is the wire system that connects 
an individual subscriber’s phone to the rest of the system. 
The Local Network is confined to the central office (CO) 
and the thousands of wire pairs (the two wires running to 
the residence) that connect throughout any specific geo- 
graphic area. The central office is identified by the first 
three digits in a phone number, or the exchange number. 
An understanding of the wiring characteristics of the 
Local Network can greatly enhance the employment of 
parasitic interconnects within the system. 

The “typical” central office is difficult to define. It 
may cover several square miles or be confined to a few 
blocks. It may actually be nothing more than a remote 
switching unit (RSU) containing computer circuits to 
route each call. The average central office wire center in 
an urban American city covers about 12 square miles, 
about 150 square miles in a rural area. 
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Running from the central office is a large number of 
cables known as a feeder network. These cables generally 
are underground and cover a specific geographic area 
known as the feeder route boundary. The local distribu- 
tion area for a central office feeder network is divided into 
several serving areas where cables come up from the 
underground routing conduit to an interface box. (The 
serving area can be several city blocks in size.) The net- 
work now travels aboveground, typically on telephone 
poles containing several hundred or thousand telephone 
pair cables. These thick pair cables are routed to individu- 
al blocks, where they get progressively smaller in size as 
individual pairs connect to homes. By the time the cable 
reaches a specific street corner it is usually a 50-pair cable. 


Parasitic Interconnect Access Points 
along the Telephone Circuit 

Terminal wiring points are those portions of the tele- 
phone company circuit that terminate at the subscriber 
location. These points can be divided into two basic 
areas: those access points that are the property and main- 
tenance responsibility of the phone company, and those 
that are the property of the subscriber. 

Essentially there are ten usable access points along 
this circuit, each of which will be covered in the follow- 
ing pages. The technical descriptions and characteristics 
and the risks and benefits of each point will be compared 
and assessed. With care, parasitic devices can be 
employed at any of these points, and the target traffic can 
be collected safely if the precautions explained in the text 
are considered and adhered to. 

The following are the parasitic device access points 
on telephone company property: 

1. Telephone pair cable. 

2. Telephone pole. 

3. Terminal box. 

4. Drop wire. 


t 
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5. Network interface. 

The following are the parasitic device access points 
on the subscriber’s property: 

1. Interface to junction wire. 

2. Wire junction box. 

3. Station wire. 

4. Modular phone jack. 

5. Telephone wire and unit. 


Telephone Pole 

Although underground wiring is slowly replacing the 
telephone pole in modern metropolitan areas and sub- 
urbs, the telephone pole usually is the starting point at 
which the operative can access a specific subscriber line. 
A standard telephone pole is creosote-treated hardwood 
standing 18 to 20 feet high. The pole may also carry high- 
voltage power lines, cable TV routing lines, and traffic- 
light control boxes. Caution should be used in attempting 
to access a phone line via the pole—it is the most danger- 
ous and high-profile access point. 

Telephone pole climbing requires metal spikes that 
are attached to the lower legs with leather straps. These 
spikes are termed gaffers and require a bit of practice to 
use safely. Gaffers can be purchased at surplus stores, 
hunting supply stores, or sporting goods outlets, as they 
are used by some hunters to climb tall trees and install 
metal seats known as “deer stands.” A safety harness is 
also required. 

Covert pole climbing usually is done late at night. 
Some important points to remember about pole climbing: 

1. Wear durable gloves and boots and loose-fitting 
clothes that have no tears or layers that may get snagged or 
impede the climb. Obviously, dark colors should be worn. 

2. Keep the gaffers clean and sharp. As you climb, gaff 
the pole about 1/4-inch deep and climb in 8- to 12-inch 
steps. Take your time, planning two or three steps ahead. 

3. Never climb alone. Have an observer to keep an eye 
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This is an underground installation where high-voltage, phone, and 
cable TV lines share the telephone pole. To access the terminal box, 
the operative must climb around the deadly high-voltage conduit. Do 
not climb these types of poles. 
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on the area while “spotting” for you. This protects you from 
the risk of being caught and also provides a safe extraction 
and first aid source should you get injured during the 
climb. Always wear a safety harness when climbing. 

Mounted directly on the telephone pole is an alu- 
minum box known as a terminal box. Inside the hinged 
door is a series of connecting terminals, usually from six 
to twenty-six pairs of screw or nut-type points. This is 
where the subscriber lines emerge from the cable. 

From the terminal box there is sometimes a long 
metal cable guide on the telephone wire. This is a termi- 
nating housing that allows the 25-pair telephone cable to 
be interconnected to the terminal box. Sometimes there 
is no terminal box, just this long housing directly on the 
thick 25-pair telephone cable, about 2 to 4 feet from the 
telephone pole. 

From either the 25-pair cable guide or the terminal box 
there is a thick pair of black wires that connect to the resi- 
dence. This line is known as the drop wire, and it is where 
the operative hooks up the parasitic interconnect device. 
The drop wire can be traced from the inside of the terminal 
box, and the device can be hooked up on the target line. 

There are some safety precautions that must be 
observed for any hookup at the telephone pole. If you are 
touching these terminals when the phone line is receiv- 
ing a ring signal from the central office, you will receive a 
substantial electric shock of about 96 volts. Although this 
voltage surge is not dangerous or even lethal, when you 
are on a pole in the middle of the night with sweaty 
palms, the jolt may cause you to pull away from the pole, 
loose your foothold, and fall to the ground. This has been 
known to happen to inexperienced linemen. 

Pole climbing requires a substantial amount of practi- 
cal experience to be safe and quick. It is recommended 
that you assemble your equipment and practice on a 
remote pole. The pole does not necessarily require a ter- 
minal box—simply practice careful climbs up and down 
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t the pole, stopping occasionally and working on a mock 
terminal box. 

Once daylight practice is comfortable and safety 
becomes a habit, practice in low light such as dawn or 
dusk, and then graduate to complete darkness. It is an 
indescribable experience to be up on a wooden pole in 
complete darkness, even without the adrenalin rush of 
possible detection and compromise. Without practice, 
therefore, the operative will find himself extremely dis- 
tracted and unable to perform a simple parasitic hookup. 

Many telephone poles have L-shaped ladder spikes 
every couple of feet. They can be accessed from the 
ground by climbing the pole up to the first rung. These 
ladders make the climb much safer; however, a safety har- 
ness should always be worn, regardless of the presence of 
these rungs. 

Although climbing up a pole by shimmying a few feet 
to the ladder rungs is relatively easy, the operative should 
never attempt to climb a ladderless pole without gaffers. 
This is much more dangerous than it appears. The climb 
up seems quite easy, but after clinging to the pole fora 
few minutes with just your legs and the harness while 
you work on the terminal box, your leg muscles will 
begin to constrict. When you loosen your hold to descend 
down the pole, your muscle control will be affected and 
you very likely will fall. 

Never climb a pole that has high voltage lines. Never 
climb a pole during high winds or any amount of rain. 
Make note of whether there are trees close by the pole 
that may obstruct your climb or work. Also make note of 
possible stinging insect nests on the pole or in a nearby 
tree. At night, bees and hornets are dormant to a degree, 
but your intrusion will be unwelcome. 

Careful premission planning, good equipment and 
safety habits, and an alert spotter are all key to quick, effi- 
cient late-night pole climbing. With practice, the entire 
maneuver can be executed in four to six minutes. 
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Terminal Box 

The terminal box is where the operative can hook up 
on any pair of lines and make calls using a business or 
residential line. One of these types of terminals can be 
found near most every dwelling in the country. Loosen 
the terminal box cover, place alligator clips on any pair, 
and run station wire down the pole to your phone. If you 
performed the maneuver correctly you will get a dial 
tone. You can place calls from a vehicle parked next to 
the pole, or you can hook up a modified cordless phone 
right at the terminal box and talk from blocks down the 
street. When you are finished, retrieve the wire or the 
phone unit quickly and clear the area. 

WARNING: The telephone pole is a dangerous access 
point. The illustration on page 157 shows one with a ter- 
minal box and cable as well as other wiring. Note that on 
top of the pole there are a transformer and high-voltage 
lines, which feed up from an underground conduit run. 
This configuration can be found at many locations that 
have underground wiring. In order to access the terminal 
box, you have to climb directly over this conduit run. 

Never attempt access at this type of pole. If you acci- 
dentally touch the wrong wire or if your gaffers acciden- 
tally pierce the high-voltage conduit on the side of the 
pole, you will be electrocuted and die. The voltage and 
current at this type of pole are so intense that you will 
stay connected to the wires while being electrocuted. If 
your observer tries to assist, he or she will also be electro- 
cuted. There are enough access points in any given area 
that you do not need to climb a pole that has high-power 
wires attached. This is extremely dangerous and should 
always be avoided, 

Terminal boxes come ina variety of sizes. Most are 
aluminum and rectangular in shape and are slate grey or 
flat black in color. They may have sliding or hinged doors 
to allow access to the terminals. The box can be easily 
distinguished on the telephone pole; it is where the drop 
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wire pair feeds to the subscriber building. Newer termi- 
nal boxes can be found right on the telephone pair cable. 
These boxes are long, narrow units generally located a 
foot or two from the pole. 

Only common tools are required for access and hookup 
to a terminal box. If the box has a screw-type interlock on 
its doors, a flat-tip screwdriver will be needed (this is sel- 
dom encountered, but when it is, it can be observed from 
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the ground and planned for), An insulated pair of pliers is 
helpful if the operative wishes to hardwire the parasitic 
device directly to the terminal, though regular-size alliga- 
tor clips usually are better for the hookup. 

A pencil eraser is handy if there is a lot of corrosion or 
oxidation on the copper or brass terminals—a better elec- 
trical connection can be made if the terminals are cleaned 
by rubbing the eraser vigorously at the contact points. A 
small penlight with a red filter is also recommended. (The 
red filter provides ample illumination with less impact on 
the operative’s night vision, which will be needed for the 
climb down the pole.) It should be operable with one hand 
and have a pocket clip for quick access. 

If any problems are encountered in the functioning of 
the parasitic device, a small analog voltmeter with probes 
is handy for continuity and voltage checks. Rubber insu- 
lated dishwashing gloves provide a good degree of hand 
protection and a level of insulation when handling the 
lines. These gloves also eliminate fingerprints much bet- 
ter than surgical gloves. A more detailed overview of cir- 
cuit handling tools and techniques will be covered later 
in the chapter. 

The terminal box can be used to place surveillance 
devices on a line or seize a specific circuit. The terminal 
box most encountered in the United States is the Western 
Electric model NH 25. This connects directly to a stan- 
dard 25-pair cable group to provide up to twenty-five 
lines in a given area. The NH 25 has no lock or hasping 

q device; you simply pull down on the top of the faceplate 
and the terminal box opens by a hinged door. 

Terminal boxes do not have to be ona telephone pole. 
As shown in the illustration on page 164, the box can be 
mounted on a brick wall outside a building, acommon 
installation found in alleys in most cities. Note that there 
are five lines connected to this box. The illustration on 
page 165 shows the internal wiring of this Western 
Electric NH 25 terminal box. 
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A terminal box on the side of a building, common in city alleys. It is 
an excellent location for line seizure ops. 


This would be an ideal access target. The box in the 
illustration provides service to small-business subscribers 
in a downtown building. In order to make free calls, sim- 
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Detail of terminal box on building wall with cover removed. 


ply open the box and hook up to the target terminal. If you 
do it late at night when the business is closed, no one will 
detect your illegal usage until the phone bill comes. In 
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order to defeat customer-installed detection equipment, 
simply disconnect their service by removing one of their 
wires before you hook up your parasitic device. 

The subscriber line is secured to the terminals with a 
3/8-inch nut and threaded screw assembly. Use a nut 
driver or a pair of pliers to remove one or both connec- 
tions from the terminal box, then hook up the phone 
device at these terminals. This bypass denies anyone 
access to the line you are using. 

In order to deal with the risk of compromise, you also 
should have a means of detecting someone picking up a 
phone on the line you are using. When you perform a 
bypass to seize a circuit, the person who actually owns 
the phone will get nothing in the earpiece if they pick it 
up. They may assume the line is dead. A simple means 
for the operative to know if someone has attempted to use 
the line is the ohmmeter. 

Bypass the circuit by disconnecting the subscriber 
from the line at the terminal box connection. Place an 
ohmmeter on the drop wire going to the subscriber 
phone. When the phone is on the hook, it will give a read- 
ing of more than 1 million (meg) ohms. If the subscriber 
picks up the phone, the meter will immediately register a 
drop in resistance to around 20,000 ohms. If this occurs, 
disconnect your call quickly. When the meter reads above 
1 meg ohms again, the customer has hung up the tele- 
phone. Quickly reconnect the drop wire to the terminal 
box. When the customer goes to pick up the phone again, 
he will get dial tone as normal. (This problem is covered 
in more detail later in this chapter. A simple circuit is 
described that will give the operative a visual or audible 
indicator that the line is in use.) 


Network Interface 
From the terminal box on the telephone pole, the 
drop wire goes to a small connecting block on the side of 
the building close to ground level known as the network 
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interface. If it is an older home or a trailer or mobile 
home, it may be right on the pole next to the dwelling. 
Sometimes there is a surge protector between the drop 
wire and the network interface. 

Different types of terminals serve as the network 
interface in a typical telephone system. Older models are 
simply a Bakelite plastic box with two terminals inside of 
arubber housing, as in the illustration below. Newer plas- 
tic models are square covered units (page 168). 


Bakelite plastic mount 


Rubber cover 


TIP connection 
(green wire); 
+48 VDC 


RING connection 
(red wire); -48 VDC 


Mounting screw Ground connection 
(for surge protection) 


Old-style network interface common on older buildings, in rural areas, 
and in mobile home parks, where it may be installed directly on the 
pole. 
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Modern network interface. 


Since the breakup of AT&T, the various phone com- 
panies only have control of and access to the subscriber's 
phone circuit up to the network interface. In phone com- 
pany terminology, this is known as the point of demarca- 
tion, since everything beyond this point is the customer's 
responsibility to maintain and service. The phone com- 
panies generally offer a complete service plan to main- 
tain both sides of the system, but the customer has the 
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option of hooking up extensions and peripheral devices 
at his discretion and risk. If the circuit is damaged on the 
subscriber's side of the network interface, he must con- 
tact the phone company or an outside technician to repair 
it at his own expense. 

The advantage of installing a parasitic device on the 
subscriber side of the point of demarcation is that the 
phone company is unlikely to detect or observe the physi- 
cal installation of the device because it is not in their area 
of responsibility. The access point where the phone com- 
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Network interface location on subscriber's house. 


Commercial Circuit Access Strategies * 169 


ee 


pany is no longer concerned can be as little as a couple of 
feet from the interface box. Also, since the subscriber may 
have any number of devices on each line (answering 
machines, computers, fax machines, etc.), the typical volt- 
age drop on the line caused by the parasitic device is of no 
consequence to the phone company’s central office. 
(Before the breakup of AT&T, the presence of any device 
that lowered the voltage on a line alerted the phone com- 
pany that the subscriber had installed an illegal extension 
phone, which at the time was an extra charge.) 

As an access point, the network interface is probably 
the ideal location for parasitic interconnect. It is usually 
outdoors, where cover of darkness will allow quick 
access and hookup. It does involve risk, however, 
because the unit is close to the subscriber building, and 
anyone near the building late at night will be suspicious. 

Accessing the wiring of the network interface 
depends on the type of model it is. The illustration on 
Page 168 shows a 1990 model SIECOR network interface. 
This weatherproof grey plastic enclosure has a screw 
hasp on the hinged door. It also has facilities for a pad- 
lock to discourage access at this point. Although the pad- 
locked door is relatively secure, the hinges can be 
removed quite easily and then replaced once access is 
gained. (It is a relatively new industry specification to 
have physical security devices such as locks at the net- 
work interface point, though this trend is likely to contin- 
ue as the system is upgraded. The physical security of ter- 
minal boxes and network interface enclosures is to pro- 
tect against service theft and illegal wiretaps.) 

The network interface typically encountered at a resi- 
dential subscriber setup is difficult to describe. The unit 
may be decades old and heavily corroded, or it may be 
brand new and secured inside the building. Visually trace 
the drop wire from the pole to the building. It generally 
has a tension cable to secure it and feed it down the out- 
side wall of the building, where it either terminates at the 
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network interface box or feeds directly into the lower 
floor or basement, where the box is located. 


Wire Junction Box 

From the network interface there simply may be grey 
station wire running directly to the modular phone jacks 
installed in the residence. More typically there is another 
terminal box known as the wire junction box. This is the 
interconnecting block between the network interface and 
the various terminals throughout the subscriber building. 
The wire junction box is usually connected by modular 
plug to the network interface. 

The wire junction box allows multiple connections of 
telephone station wire throughout the building. The 
AT&T standard wire junction box is the model 742B, 
which allows the user to connect up to three sets of sta- 
tion wire to modular jacks throughout the residence or 
small business. 

The wire junction box is the first access point that the 
operative can rely on to be free from detailed inspection 
by TELCO service technicians. If you are able to access 
this box (it is usually rectangular and grey or light beige 
in color, with a regular screw in the center of the outside 
cover), remove the cover and see if there is a spare termi- 
nal from which you can run your parasitic interconnect. 

By gaining access to the junction box, the operative 
will be able to determine how technically compatible the 
target line is to a number of parasitic devices. All tele- 
phone devices consume a specific amount of current 
from the line. If you hook up a device that consumes too 
much current, the subscriber’s phone may be affected. It 
may not ring as loud or it may have a recognizable drop 
in the audio level he hears. This potential problem is not 
common, but it could be if you intend to hook up a device 
for eavesdropping such as a radio-controlled tap that uses 
the phone line voltage to function. 

All telephone devices—including fax machines, com- 
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Internal and external view of an AT&T 742B wire junction box. This 
device can be purchased from a variety of sources. Note: Junction 
color code connections may not be in this sequence. Check internal 
Jayout and verify color codes on each unit. Also note that if three con- 
nections of high-drain equipment are already on-line at this junction 
box, a parasitic hookup may affect the REN number. 


puter modems, answering machines, etc.—are assigned a 
ringer equivalence number (REN), which is marked on 
the unit along with its FCC registration number. The tag 
on a typical AT&T phone would read something like this: 
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Complies with Part 68, FCC Rules 
FCC Reg. No. AS52UD-10461-TE-E 
RINGER EQUIVALENCE 0.4A & 0.7B 
AT&T Technologies, INC. 


The two ringer equivalence numbers describe the rel- 
ative load the phone puts on a line when on and off the 
hook. Most phone company installations can handle up 
to 5.0 REN on any given line. (Thus the subscriber could 
hook up seven of the above phones with no problem.) 

If there are three lines of station wire going through 
the junction box, it may be risky to place certain devices 
on the line since each station wire may, in fact, go to two 
or three phones. Most of the parasitic phone taps on the 
commercial market place a substantial drain on the 
phone line. These devices are, of course, not FCC regis- 
tered, and no REN number is provided. Placing such a 
device on a heavily used line will prevent all the phones 
in the residence from ringing. 

The junction box is a very good location in which to 
place a device, but the load placed on the line has to be 
considered. Though overloading a line is rare, it is 
becoming more of a concern as new devices such as fax 
machines and computer terminals are hooked up to 
phone lines. The FCC generally only allows registration 
of devices that have an REN of 1.0 or less, meaning about 
five devices usually can be placed on a line with no prob- 
lem. 

In a large apartment building or business location, the 
wire junction box is much larger, being a board with hun- 
dreds of pairs of connections. In most cases, it is surpris- 
ingly accessible in these buildings. It is frequently found 
in acleaning supply closet in an office building, or ina 
storage closet or laundry area on the first floor or base- 
ment of an apartment. 

For surveillance hookups, cable rerouting, and 
spare-pair interconnection applications, the wire junc- 
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tion box in these buildings is ideal. The large number of 
multicolored wires running in and out of these boxes 
will allow the operative to creatively employ a number 
of techniques without alerting an untrained observer. A 
phone company technician may not even notice your 
work if it is done carefully and employs standard 
TELCO station wire. 

Access to the junction box requires access to the 
premises. If the target is a residence, the operative will 
probably be involved in breaking and entering to get to it. 
If the target is a business or large apartment, the wire 
junction frequently is in a neutral area, and the only 
direct risk is trespassing. 


Station Wire 

From the wire junction box, the phone circuit contin- 
ues to each phone or modular plug through a four-con- 
ductor cable known as station wire. This wire is usually 
grey or beige in color, and can be traced from the network 
interface or the wire junction box to the modular plug or 
phone. The wire is 22-26 gauge, unstranded, copper coat- 
ed, and has a “stiff” feel when handled in the dark. It is 
often fastened along baseboards with U-shaped staples or 
nails. 

There are some general characteristics of telephone 
station wire that make it suitable for a variety of parasitic 
hookups. These include: 

1. OUTSIDE INSULATION. This is the jacket on sta- 
tion wire. It is generally grey rubber or plastic, 3/8- to 1/4- 
inch wide. Braided metal shielding is usually not used as 
outside insulation. The rubber material is easy to pierce 
or cut, so inductive probe devices are compatible with 
this configuration. 

2. INNER CONNECTION WIRES. Usually four to six 
color-coded wires are found inside station wire. These 
wires are paired for each phone. The most common con- 
figuration in 95 percent of American homes is four-con- 
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ductor D station wire in a grey rubber jacket. D station 
wire has no wire braid between the jacket and the four 
conducting wires, and the color codes are as follows: 


e¢ RED—RING. Connects to the negative side of CO bat- 
tery. 

¢ GREEN—TIP. Connects to the positive side of CO 
| battery. 
| ¢ YELLOW—Not used normally, but may be used for 
\ second line RING. 
¢ BLACK—Not used normally, but may be used for 

second line TIP. 


D station wire is easy to identify and generally easy to 
access. In many locations it runs directly out of pay 
phones, and a pay phone terminal is probably the ideal 
penetration point. It is used as a drop wire from the 
phone to the terminal box in this configuration. 

Six-conductor station wire can be encountered in 
some homes. Besides the telephone circuit, it is also used 
to connect alarm systems and intercoms. Its color code 


sequence is as follows: 

¢ BLUE with white bands—Corresponds to D style 
RED. 

¢ WHITE with blue bands—Corresponds to D style 
GREEN. 

¢ ORANGE with white bands—Corresponds to D style 
YELLOW. 

¢ WHITE with orange bands—Corresponds to D style 
BLACK. 

¢ GREEN with white bands—Corresponds to D style 
RED. 

¢ WHITE with green bands—Corresponds to D style 
GREEN. 


Note that six-conductor station wire has some stan- 
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dardized characteristics. A solid color with white bands is 
always the ring or negative (-) connection. White wire with 
colored bands is always the tip or positive (+) connection. 

One useful characteristic of all station wire is that it 
is usually installed away from electrical wiring and 
other noise-generating devices. This makes hookup of 
microphones to the “spare pair” (yellow and black 
wires) both an opportunity and a threat to the opera- 
tive—the relatively noise-free line is easy to monitor, yet 
a listening device would be easy to detect. As with the 
junction box, access to the station wire is usually safe 
from observation from the phone company; however, 
the operative must gain access to the premises to install 
a parasitic device on the line. 

Accessing the station wire along its route rather than 
at a junction terminal or plug is recommended. This 
requires a few tools and a small amount of practice. The 
fastest and most reliable techniques are insulation dis- 
placement and flame splicing. 

Insulation displacement applies to several tech- 
niques. In this context, it is the method of connecting toa 
station wire by piercing the color-coded insulation of the 
internal wires with a large needle and “sewing” ina fine- 
gauge interconnect splice. It is fast and easy to remove. 
The tools required for this include: 

1. A SMALL, SHARP KNIFE. X-ACTO knives are 
excellent, but any small pen knife is adequate as long as 
it is razor sharp. 

2. SEWING NEEDLE. The type used for sewing 
leather goods is fine. Larger cloth needles work, too. 

3. WIRE WRAP WIRE. This is thin 30-gauge hookup 
wire used by hobbyists. If it is not available, laminated 
28- to 30-gauge bell wire may be used (though it is neces- 
sary to burn off the painted lamination and sand about an 
inch on each end for good conductivity). Wire wrap wire 
comes in a variety of colors and quantities from outlets 
such as Radio Shack. 


4, GREY TAPE. This is optional. Standard duct tape is 
almost exactly the same color as D station wire and can 
be used to cover the incision if the cut cannot be made on 
the underside of the wire. Glue can also be used. 

The procedure for insulation displacement is as follows: 

1. Find an accessible spot in the line and carefully pull 
on the station wire to raise it about 2 to 3 inches away from 
the baseboard or wall. 

2. Make a light incision with the knife about 1 inch in 
length along the underside of the wire. 

3. Use the blunt end of the needle to pull out the red 
and green wires about 1/4 inch from the inside of the 
jacket. It need not be out too far for the job. 

4. Thread the needle with the wire wrap wire or lami- 
nated bell wire. Push the tip into the insulated red wire 
and feel the solid metal interior. Pull the stripped wire 
wrap wire back through and remove it from the needle. 
Tie it securely in place. Do the same for the green wire. 
WARNING: If the phone rings during this step, you will 
receive a painful but nonlethal shock. It may, however, 
cause you to yell out, revealing your presence. 

5. Carefully place the wire wrap wire behind the sta- 
tion wire and feed it along the same route to the parasitic 
hookup and verify function. HINT: Marking each wire 
wrap wire red and green or using color-coded wire elimi- 
nates the need to verify polarity. 

6. Push the red and green wires back in the jacket, 
remold the wiring in the jacket, and close the incision 
with a dose of super glue. Before the glue dries, push the 
cut side of the station wire against the baseboard or wall. 
The glue will cause your parasitic hookup to be com- 
pletely concealed and difficult to locate. 

Once function is verified, this parasitic hookup can 
be used from anywhere close-by. If the station wire is in 
carpet, the wire wrap wire can be sewn right through the 
lower pile of the carpet. This approach is useful if, for 
example, the parasitic hookup is run from the spare pairs 
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(black and yellow wires) to a microphone under a table in 
the target room. 

Insulation displacement takes a great deal of prac- 
tice. Purchase some station wire from an electronics 
store and do some mock installations before attempting 
it at an active location. Practice this technique crouch- 
ed down on your knees, since in most cases you will be 
doing so in a real scenario. Have your wire prepped and 
ready and check your tools. Verify that the glue will 
flow easily. Make sure the knife is scalpel sharp. The 
needle can be sharpened on an emery board—the 
sharper the needle, the easier the insulation displace- 
ment is to execute. 

Insulation displacement of station wire has many 
applications, from pay phone parasitic hookups to 
telephone taps and audio surveillance work. It is diffi- 
cult to detect and, when done properly, is fast and reli- 
able. 

Flame splicing is for outdoor applications. The opera- 
tive gains access to the station wire feed from a pay tele- 
phone or interior run and performs this maneuver to gain 
access to the line. 

Tools required for flame splicing include: 

1. X-ACTO KNIFE. 

2. LIGHTER OR MATCHES. Matches are easier to use. 

3. MODIFIED SAFETY PIN. Use needle-nose pliers to 
bend a hook on the tip of a large safety pin, as shown in 
the illustration on page 179. 

4. ALLIGATOR CLIPS. These should be connected to 
the modified handset telephone. 

Flame splicing generally is a fast temporary hookup— 
the operative can teach it to specific cell members to 
defeat a pay phone, for instance. Flame splicing should 
not be employed indoors, where it will produce a charac- 
teristic odor that is hard to remove. The technique is risky 
to perform at night, and it also temporarily denies the 
operative his night vision. 
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Modified 
telephone 
handset 


Flame splicing. 


Flame splicing is executed as follows: 

1. Locate and access the station wire. Make a 1- to 2- 
inch incision in the grey jacket with the knife. 

2. Use the modified safety pin to pull out the green 
and red wires about 2 inches from the jacket. 

3. Use a match to burn off the rubber insulation on the 
red and green wires about 1/4 inch. Do this at two differ- 
ent points along the wires: if the splice on each connec- 
tion is too close together, the wiring will short out and 
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cause the connection to fail, which will call the attention 
of service personnel. NOTE: The station wire will burn 
very fast. Blow out the flame as soon as it “catches” on 
the insulation. It will burn a quarter inch in less than a 
second from ignition. 

4. Using the back of the knife blade, scrape the burned 
plastic and soot from the wire. Connect the alligator clips 
and make the call. 

5. When you are finished, push the wires back in the 
jacket and remold the jacket to conceal access. 

Flame splicing can also be performed on drop wire 
and other connecting cables, and it is good for quick 
access to alarm wire and sensor feeds. The technique 
requires practice and knowledge of the burning charac- 
teristics of the insulation around the wire. 


Modular Plug 

The station wire runs from the junction box to a plug- 
in jack known as a modular plug. Since 1974, the tele- 
phone company has used these types of plugs to install 
telephone systems. 

The standard AT&T modular plug is the model 725A. 
This surface-mounted modular jack can be found in most 
American homes. It is common to insert a small micro- 
phone inside the jack’s housing and put a small hole in 
the underside of its faceplate so air can circulate freely 
and provide audio to the mike. 

Access to a modular plug is seldom possible without 
risking OPSEC. However, there are characteristics of the 
modular plug that make it a useful access point for para- 
sitic interconnects. 

1. PROXIMITY TO TARGET. An audio microphone 
running the route of the black and yellow spare pair can 
be installed inside every modular plug in a residence. 
This is an excellent means of collecting voice data. 
Routing the microphones to a nearby junction box and 
then to a radio or infrared device allows the operative to 
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Red RING (- voltage) ante bcs 


Cover Screw holes 
threads for wall 
mounting 
Green TIP 
(+ voltage) Black (spare) 


Modular plug commonly found on most homes in North America. 

Illegal extensions and line bugs are connected to red and green points. 

The “spare pair” yellow and black connections can also be used to 
ire” a building or residence with listening devices. 


bypass a countermeasures threat because the actual trans- 
mitting device is not in the room, only the microphone is. 
The spare pair wires can function as a long wire antenna 
for the listening device to give it extended range. 

2, PROTECTION. When a telephone transmitter is 
installed directly inside the modular phone jack, it is 
indoors and thus protected from the weather. It also is con- 
cealed from view inside the jack (and telephone company 
personnel do not generally get near this jack during their 
service work). This eliminates several operational threats. 

The disadvantages of working with the modular plug 
should be obvious. If you have gained access to the mod- 
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ular plug, you have probably gained access to the pre- 
mises illegally. Besides, if you have access to the modular 
plug, you also must have access to the actual telephone 
and can simply make your call from it. Therefore, the sta- 
tion wire is the last realistic access point available to the 
operative. The modular plug is more suited for surveil- 
lance/collection ops. 

Both the wire running to the phone and the phone 
itself can be used in surveillance applications, but they 
are extremely vulnerable to physical inspection. Service 
theft at this point is not recommended. 


Hardware for Telephone Circuit Work 

The essential tools for telephone service theft will 
vary from operation to operation. The tools and equip- 
ment described in this section are intended to fulfill a 
variety of access and surveillance needs. 

As stated earlier, parasitic interconnect is quite simi- 
lar to telephone tapping in both access points and proce- 
dure. The wiretapping specialist is known in the intelli- 
gence community under a variety of titles and descrip- 
tions, from electronic surveillance operative (ESO) to 
wireman. These terms describe an experienced electron- 
ics technician who specializes in phone communications 
intercept and countermeasures. 

Before discussing the tools, hardware, and tech- 
niques of this specialized occupation, something has to 
be clarified to the operative. Possession of the tool kit 
described in the following pages is illegal in any juris- 
diction if it can be established that it is to be used for 
intercepting communications by wire or for attaching 
foreign devices on a commercial telephone circuit. 
Operatives have been caught and convicted of simple 
possession of this type of hardware and imprisoned for 
many years. In fact, there are cases that involved no 
physical possession of this hardware but simply the 
“intent” to possess and use it. A quick review of U.S. 


case law regarding this equipment may help you in 
your OPSEC planning. 

In 1969, a legendary wireman was arrested and con- 
victed of “conspiring to provide technical information 
about electronic eavesdropping techniques.” Bernard R. 
Spindel was one of the best telephone surveillance spe- 
cialists in the world. He was trained by the U.S. Army 
Signal Corps and served in the Office of Strategic 
Services (OSS) as a specialist in wiretapping during 
World War II. 

Spindel perfected the art of electronic telephone 
intercept by bringing the hardware into the transistor age. 
He worked in and out of government and private circles 
for years after the war. He served as technical advisor to 
the New York City Anticrime Commission with William 
Donovan (former director of the OSS and one of the 
founding fathers of CIA). Spindel’s career has been un- 
equaled in the wiretapping field. His creative expertise in 
the craft brought government, business, and even orga- 
nized crime to his doorstep for advice and assignments 
throughout his life. 

Most of Spindel’s government and private assignments 
were for illegal wiretaps. In fact, according to the U.S. gov- 
ernment, Spindel was so good at what he did that even 
when it had solid testimony on his activities, none of his 
wiretaps could be traced back to him. What finally put 
Spindel in prison and ultimately ended his career is some- 
thing that all operatives should consider very carefully. 

In 1969, a licensed private investigator was retained 
by a wealthy heir to the A&P grocery store chain by the 
name of Huntington Hartford. Hartford suspected that his 
wife was having an affair, so he retained the investigator 
to bug his wife’s apartment and tap her phone. The inves- 
tigator was not an expert on the subject of wiretapping, 
but he had done it several times with fairly good results. 
Nonetheless, he asked Bernard Spindel for some techni- 
cal advice. 
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Spindel did not install the tap, build any device for the 
investigator, or monitor any recordings that the investiga- 
tor made. Spindel only gave advice as a favor. Upon doing 
so he committed a felony, as it was (and is) a crime to even 
discuss the technical aspects of a wiretap with another 
individual. Spindel was convicted and sent to prison. 

It is a crime to possess or sell any device that is 
intended to be used for eavesdropping or wiretapping. If 
you are caught transporting any such device, tools, or 
hardware across state lines, you have committed anoth- 
er felony. There is little legal difference in U.S. case law 
regarding the intentional placement of any “foreign 
device on the commercial telephone system” for collect- 
ing information or stealing service. In other words, if 
you are caught in the act of possessing tools that enable 
you to use the commercial phone lines illegally, you 
may also find yourself charged with illegal wiretapping. 
If you are caught even discussing such activities, as in 
the case of Bernard Spindel, you can be arrested, 
charged, and convicted of violating Section 801 of Title 
III of the U.S. Code w(1)g, which relates to “conspiracy 
to provide technical information about electronic eaves- 
dropping techniques.” 

Thus the most significant risk involved with parasitic 
interconnect is that it involves the commission of a num- 
ber of serious crimes. This risk should not be underesti- 
mated. A parasitic interconnect will be prosecuted under 
its own statutes, but the method you employ is in fact 
prosecutable under the above federal title. You will not 
have the legal defense of claiming you were only making 
a free phone call. You will probably be charged with both 
crimes. Discussing your techniques, “showing off” your 
tools or equipment, and teaching others how to employ 
these skills are all federally prosecuted criminal acts. 

The point is that failure to carefully consider the legal 
ramifications of the employment of these techniques, 
possession of these tools and devices, and the casual 
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“sharing” of this information will result in your entire 
operation being burned. Individuals caught and convict- 
ed of conspiracy in this area have been sentenced to 
longer prison terms than individuals caught carrying 
concealed automatic weapons, building and using home- 
made silencers, and illegally transporting explosives. As 
you collect your tools and develop your skills, keep in 
mind that you are already committing a crime even before 
you attempt your first parasitic hookup. 

Possession of this manual along with the tools 
described herein will be probable cause for a search of 
your premises and surveillance against you. Depending on 
your situation, the act of reading this manual alone could 
be considered the act of conspiring to violate a criminal 
statute. This is not meant to intimidate as much as it is to 
inform you. Collecting the hardware is what puts you on 
the other side of the law. Proceed with caution. 


The tools required to conduct telephone service theft 
and wiretapping must perform the following three tasks: 

1. CONSTRUCTION OR MODIFICATION OF SPE- 
CIALIZED EQUIPMENT TO HOOK UP ON THE PHONE 
CIRCUIT. Electronic kit building, disassembling and 
altering telephone equipment, fabricating connecting 
jacks, and so forth must be accomplished. 

2. CIRCUIT ACCESS. This includes splicing, testing, 
and analyzing lines, gaining entry to enclosures and 
premises, and installing the parasitic device. 

3. STERILIZATION. This includes “cleaning up” 
installations, avoiding signature impressions, taking 
counterdetection measures, and so on. 

Combining these three prerequisites with the need for 
the tool kit to be concealable and functional requires the 
careful consideration of each item in the kit. Fortunately, 
there are a number of “combination” type tools available 
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that can help in this regard. In fact, the entire kit can be car- 
ried in pants pockets if the following items are selected. 
1, 


VICTORINOX “SWISSCHAMP” SWISS ARMY 
KNIFE. 
LEATHERMAN “MINI TOOL” UTILITY KIT. 


. PORTASOL BUTANE SOLDERING IRON. 


THIN SOLDER. 
ELECTRICAL TAPE. 
SAFETY PINS. 
RUG-SEWING NEEDLE. 


. PENCIL WITH ERASER. 
. PAPER CLIPS. 
. BECKMAN POCKET-SIZE VOM MODEL “CIR- 


CUITMATE DM78” WITH PROBE KIT. 


. AT&T TELEPHONE LINE TESTER AND INSTAL- 


LATION TOOL, MODEL 953B. 


. PELICAN “MITY LITE” PENLIGHT WITH RED 


LENS FILTER. 


. TWO-FOOT SECTIONS OF 24-GAUGE RED, 


GREEN, BLACK, AND YELLOW WIRE. 


. ONE 20-FOOT ROLL OF 30-GAUGE WHITE 


WIRE WRAP WIRE. 


. DISHWASHING GLOVES. 
. FIFTY FEET OF FOUR-CONDUCTOR STATION 


WIRE, AT&T STANDARD D (OPTIONAL). 


. INSULATED ALLIGATOR CLIPS, SMALL AND 


MEDIUM SIZE. 


. SUPER GLUE. 
. RUBBING ALCOHOL IN NASAL INHALER BOT- 


TLE. 


. Q-TIPS. 
. MODULAR PLUGS (OPTIONAL). 
. SPLICING TOOLS (OPTIONAL). 

OPSEC is a major consideration in selecting the above 
tools. Most of them are not suspicious to own or use, have 
“innocent” applications, and are less incriminating than 
some of the alternatives. 


Victorinox SwissChamp Swiss Army Knife 
This is the largest Swiss Army Knife made. It has a 
total of twenty-nine tools, many of which serve more than 
one function. The entire unit weighs about 6 ounces and 
can be placed in a Cordura nylon case that fits on a belt or 
in a pocket nicely. It is insulated with a plastic covering 
for safety. 
Here is an inventory of the tools contained in this tiny 
package: 

1, LARGE KNIFE BLADE. 

2. SMALL KNIFE BLADE. Useful for station wire 
incisions. 

3. CORKSCREW. 

4. CAN OPENER. 

5. BOTTLE OPENER. 

6. SMALL SCREWDRIVER. Perfect size to open 
modular plug boxes and junction boxes. 

7. LARGE SCREWDRIVER. For opening terminal 
boxes and network interfaces. 

8. PHILLIPS HEAD SCREWDRIVER. Good size for 
opening handsets, etc. 

9. WIRE STRIPPER. Works well on station wire. 

10. REAMER. Its sharp point can be used to put a 
small hole in the modular jack for microphone 
installation. 

11. SCISSORS. Can be used to cut and strip wire. 

12. MAGNIFYING GLASS. Excellent for verification 
of solder joints. 

13. WOOD SAW. Can be used to cut access holes in 
dry wall or wood. 

14, FISH SCALER. 

15. NAIL FILE. 

16. METAL FILE. Useful for sanding lugs and connec- 
tions for soldering. 

17. METAL SAW. As good as a hacksaw for removing 
padlocks or cutting chain link fence for access. 

18.FINE SCREWDRIVER. About 1/8-inch wide. 
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Victorinox SwissChamp. (Illustration 
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‘ictorinox Si 
courtesy of Mark Camden) 


Good for terminal box wiring and screws inside 
jacks. 

19. MINI SCREWDRIVER. This tiny 1/16-inch-wide 
insulated tool is in the corkscrew and can be used 
to fine-tune listening devices, etc. 

20. KEY RING. Attach your four sets of two-foot wire 
sections to this. 

21, TWEEZERS. Useful for “heat sink” applications 
when soldering. 

22, TOOTHPICK. This can be jammed down in a hook 
switch to keep the phone on the hook while “ser- 
vicing” the handset. 

23. CHISEL. 

24, PLIERS. These can be used to remove 1/4-inch 
nuts and for soldering. 

25. WIRE CUTTERS. 

26. BALLPOINT PEN. For making quick notes about 
wiring layouts before doing any creative rerouting 
at ajunction box. 

As you can see, this small tool can be used in a vari- 
ety of tasks. Of course, like most combination tools that 
have many functions, this one is not perfectly suited to 
any one task—it does a lot of things fairly well. Practical 
limitations experienced with this tool include the wire 
cutting and gripping ability. For this you need another 
combination tool. 


Leatherman “Mini-Tool” 

The Leatherman Mini-Tool is an extremely durable 
fold-up tool that comes with a twenty-five year warranty. 
It has more heavy-duty applications than the Swiss- 
Champ, which makes it a good addition to a kit. Here are 
the tools on the Leatherman: 

1. SMALL KNIFE BLADE. 

2. HEAVY NEEDLE-NOSE PLIERS. These can be 

used to hold circuit parts as well as remove up to 
3/4-inch lug bolts. 
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3. WIRE CUTTERS. These will cut any type of elec- 
trical wire. They will also cut barbed wire and 
chain link fence. 

4, FLAT-TIP SCREWDRIVER. Ifa screw is set tightly, 
this driver is strong enough to loosen it, where the 
SwissChamp may not be able to handle the strain. 

5. FILE. This heavy-duty file can be used on most 
hard metals. 

6. CAN OPENER. 

7. BOTTLE OPENER. 


Leatherman Mini-Tool, Excellent for illegal phone work. (Illustration 
courtesy of Mark Camden) 


The Leatherman Mini-Tool folds up into a 2 1/2 x 1-inch 
package that fits into a small Cordura nylon pouch, which 
has an extra internal pocket for a small amount of wire, sol- 
der, or folded 3 x 5 cards for note taking. It does not perform 
nearly as many of tasks as the SwissChamp, but it does bet- 
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ter at those tasks that it is designed to do, A rubber band 
around the grip allows the operative to use the Leather- 
man’s pliers as a minivise to hold tiny circuit boards or parts 
while soldering. Wrapping a layer of electrical tape around 
the grip creates an insulated pair of pliers for working safely 
with the heavy lugs on a terminal box. 

With the Leatherman and the SwissChamp, you have 
over thirty-five different tools available in your pocket. 
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The butane-operated Portasol is an 
excellent field tool for soldering wire 
taps and parasitic devices covertly 
anywhere along a phone line. (Illus- 
tration courtesy of Mark Camden) 
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Portasol Butane 
Soldering Iron 

This is a small, por- 
table soldering iron im- 
ported from Ireland. It 
has a variety of tips, in- 
cluding large and small 
soldering tips, a cutting 
tool, and even an attach- 
ment for welding. A 
“clone” model of this 
tool is available from 
Radio Shack. 

The Portasol is 7 
inches long and 3/4- 
inch wide, about the size 
of a large Magic Marker. 
It is self-contained with 
a flint striker on the cap. 
The fuel regulator and 
refill nozzle are on the 
bottom of the main unit. 
The Portasol comes with 
a clip on the lid that 
allows it to fit in a shirt 
pocket and is light 
enough to be carried on 
every job. 


In telephone work, you may want to solder the para- 
sitic device directly on the line. For this you can wrap a 
small amount of solder around the main body of the 
Portasol. The finest-gauge solder available is recom- 
mended (such as Chemology 60/40 .031 inch). Several 
feet of electrical tape can be wrapped around the handle 
of the iron for quick use, since after soldering you will 
want to tape the connection. 


The tiny Circuitmate DM78 is an excellent pocketsize VOM for check- 
ing continuity, verifying line voltage, checking if a line is in use, etc. 
Precise measurements can be made quickly even while working on a 
telephone pole. (Illustration courtesy of Mark Camden) 


The optional knife blade for the Portasol can be used 
to cut through any type of plastic quickly. This is particu- 
larly useful in Europe and some newer phone company 
installations where the network interface is locked or 
secured. This “hot knife” is also useful for equipment 
modifications and accessing TELCO terminals. 


192 * SPYCOMM 


The Portasol can be adjusted to solder with a small 
amount of heat or with a very high temperature for lug 
connections. I have been soldering various components 
for more than twenty years using different soldering 
irons, but the Portasol has been the only one in my kit 
for three years now. It is extremely reliable, heats up to 
melting temperature in about thirty seconds, and works 
well outdoors as long as you shield it from high winds 
when igniting the fuel regulator cell. The Portasol is 
refillable with any type of cigarette lighter butane can, 
and it will run for over an hour on one filling. A damp 
rag is handy to wipe off the tip as you solder so it will 
heat up quickly at every ignition and last a long time. 
This unit is a low-maintenance, compact tool good fora 
variety of jobs. 


Beckman VOM Model “Circuitmate DM78” 

This is an inexpensive multimeter that is smaller than 
many fold-up electronic calculators. It is used to deter- 
mine ifa line is functional, is currently in use, or ifa par- 
asitic device is properly installed. The high-impedance 
sensory characteristics of this VOM (volt ohm meter) 
allow it to be connected to an occupied line with no tell- 
tale “clicks” heard by the user on the line. 

The Beckman requires a small lithium “button cell” 
battery that lasts many months. The unit has a low-bat- 
tery indicator and an audible continuity-indication 
piezobuzzer. The digital meter is more fragile and actual- 
ly slower in response than an analog multimeter, but it is 
more accurate and seems to hold up better in high humid- 
ity since there is no mechanical movement to consider. 
The meter is also much lighter and less bulky than an 
analog unit. Still, many operatives prefer an analog meter 
for pole climbing (such as a cheap Radio Shack pocket 
model) because it is faster and, if dropped, costs less than 
$10 to replace. 

Pocket-size VOMs are available at Radio Shack stores 
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The AT&T HT-5200 cord- 
Jess phone handset can be 
used as part of a covert line 
seizure when the base unit 
is modified as outlined in 
the text. (Illustration cour- 
tesy of Mark Camden) 
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and from many mail-order out- 
lets. The choice of digital or ana- 
log type is up to the operator. 


ATST Line Tester and 
Installation Tool, Model 953B 

This small, inexpensive tool 
is the Swiss Army Knife of tele- 
phone line installers. Designed 
by AT&T for use by home instal- 
lation do-it-yourselfers, it is 
pocket size and easy to use. It 
can test a line and hookup for 
function and verify that an 
installation is properly per- 
formed. It verifies line polarity, 
and the back of the unit has a 
wire-stripping tool. The tester 
plugs directly into a modular 
jack. A VOM can perform the 
basic functions of this device, 
but the 953B is faster for “go/no 
go” tests. A simple modular 
plug modification allows this 
handy tool to be used outdoors 
at night. 


Pelican “Mity Lite” AAA 
Penlight 

This extremely durable pen- 
light is bright and powerful. It 
uses a xenon bulb instead of a 
normal incandescent bulb (xen- 
on is used in flashbulbs on cam- 
eras). The Pelican Mity Lite was 
designed to FBI specifications 
and has a small magnetic end so 


it can be placed on a metal surface while the operator 
works. It is durable, waterproof, and can be turned on and 
off with one hand. 


Field Techniques for Line Seizure 

There is a suitable telephone line to seize on virtually 
every street corner and in every building in North 
America and Europe as well as most parts of the rest of 
the world. A city contains literally millions of access 
points at which line seizure can be effected. 

The following are the sequence of events of line seizure: 

1. PREMISSION SURVEILLANCE. During the day, 
select a site along a seldom-traveled path. Make careful note 
of traffic, vehicles parked in the area, street lighting, and 
residential windows from which observation could occur. 

Note escape routes that permit only foot pursuit, thus 
limiting vehicular pursuit. Most ops of this nature will be 
conducted at night, and the target line will belong to a 
business subscriber. This limits risk and permits access 
to an area that is quiet after business hours. 

2. EQUIPMENT PREPARATION. Note the type of 
access point and its physical characteristics. Do a “walk 
through” on a mock-up so you know exactly what you 
wish to accomplish. Have all equipment concealed yet 
instantly accessible. With the right gear and skilled 
hands, line seizure should take no longer than two min- 
utes unless a pole must be climbed. Cordless phone or 
radio tap devices can be wired and emplaced quickly if 
the actual conditions for installation are considered 
carefully. 

3. TEMPORARY COMMAND POST. This is an area that 
will allow visual observation of the target site prior to 
seizure and during actual use of the line. The CP can be a 
vehicle parked some distance from the target access point. 

Surveil the area and have the equipment ready to go. 
Hook up and go back to the CP to make calls. Line of sight 
allows good radio signals to be sent back to the CP while 
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providing a degree of physical surveillance of the area 
and target terminal. 

4. PREPLANNED CONTACTS AND CODES. Once 
“on-line,” make the calls brief and concise. Assume you 
are being monitored. Use all protocols and codes clearly 
and get your message through as quickly as possible. If 
you are conducting a pay phone call, use another pay 
phone to arrange the call with your contact, then go to 
line seizure to call the specific pay phone. Do not discuss 
methodology or line seizure over the telephone, ever. 

5. EXTRACTION. Once contact is complete, observe 
the target area for a possible ambush. Go to the hookup, 
restore the subscriber line, retrieve all equipment, and 
police the area visually for any tools or marks left at the 
scene. Never use the same target line twice. Maintain a 
substantial distance between each seized access point. 
Do not develop any identifiable pattern in line seizure 
such as always hitting a specific type of terminal box or 
network interface. 


Modified Cordless Telephone Set 

A cordless telephone is a two-way radio link between 
a base unit and a hand-held telephone. The base unit is 
connected to the telephone line, generally through a 
modular jack in the users residence. Ten million cordless 
phones were sold in the United States in 1989. 

Making four simple field modifications to a cordless 
phone will allow it to be hooked up outdoors next to an 
accessible terminal box on a pole or a network interface. 
It can be quickly mounted, wired, and operational within 
minutes. It can be modified to extend its effective range 
to several city blocks, and the entire unit can be left unat- | 
tended until another contact is required. 

The four modifications required are: 

1. Connection to a DC power source. 

2. Redesign of base unit antenna for extended range. 

3. Modification of input jack for direct wire hookup. 
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4, Encapsulation of base unit housing for outdoor use. 
In order for the finished product to be useful and fully 
functional, it is important to start with a good basic unit. 
The market has been deluged with many models of cordless 
telephones, but those manufactured after 1988 tend to be of 
higher quality and are more reliable than earlier models. 
One make of cordless telephone that is well made and 
seems to be extremely durable is the AT&T HT 5200. It is 
an excellent cordless telephone for parasitic application. 
The base unit’s power supply is a wall transformer that is 
already external to the base. This unique design feature 
makes field modification quick and easy. The external 
power supply is a twelve-volt DC 200mA unit that con- 
nects directly to the base unit’s main printed circuit 
board through a rubber grommet next to the modular 
jacks and base antenna at the top of the unit. 
The modifications to make the HT 5200 suitable for 
outdoor line seizure can be done in about fifteen minutes 
with the following materials: 
1. RADIO SHACK MODEL 270-407 EIGHT AA BAT- 
TERY HOLDER. 

2. TWENTY FEET OF D STATION WIRE WITH 
MODULAR PLUG ON ONE END. 

3. TWO MEDIUM-SIZE ALLIGATOR CLIPS. 

4. ONE ARMY SURPLUS 7.62MM M13 200-CAR- 
TRIDGE AMMO CAN (10 x 7 x 4 inches). 

5. HOOKUP WIRE. 

6. SOLDER. 

7. TAPE. 

8. PORTASOL SOLDERING IRON. 

9. SMALL PHILLIPS HEAD SCREWDRIVER (Victor- 

inox SwissChamp works fine). 

Modification is fairly straightforward. Start by prepar- 
ing the station wire. The grey-jacketed AT&T D station 
wire will function as both an interconnect and a long- 
range antenna for the HT 5200. Connect a modular plug 
to the red and green wires on one end of the 20-foot sec- 
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tion of station wire. On the other end, hook up two insu- 
lated alligator clips. These two clips do not have to be red 
and green in color, but they should be connected to the 
red and green wires, and the corresponding color codes 
should be noted. Also, strip one end of the yellow station 
wire to function as an external antenna. 

The Radio Shack AA battery box has a standard clip 
connection for a nine-volt DC transistor radio battery. 
Bypass this connection on the underside of the unit 


Remove antenna 
and route cables 
through hole 
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View of circuit board of AT&T HT-5200 cordless phone base unit. 
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and connect two pieces of hookup wire to the termi- 
nals. Install the batteries and test the connections for 
12 volts DC. 

Open up the bottom of the HT 5200 base unit by 
removing the four Phillips head screws on the underside 
of the case. Gently lift off the cover and pull it to the right. 
There is a sixteen-pin ribbon cable that connects the face- 
plate to the main printed circuit (PC) board. Carefully 
unplug this unit. 

This PC board is well constructed and durable, but 
there are some important handling rules that must be con- 
sidered. On the PC board are six integrated circuit chips as 
well as a number of transistors and other semiconductors. 
Do not touch these chips. The small amount of static elec- 
tricity in your body could easily damage these sensitive 
units, The basic rule of thumb for working around PC 
boards is to have clean, dry hands and good lighting. 

Note at the top right that the antenna, power jack, and 
modular phone jacks feed into the PC board from the out- 
side of the case. Use your Phillips head screwdriver to 
remove the antenna from the PC board; connect the yel- 
low lead from the station wire to this terminal. Ensure 
that the antenna connection to the PC board is still intact. 
Plug the modular jack into the modular plug and the sta- 
tion wire is installed. 

Solder the battery leads to the terminals where the exter- 
nal power supply feeds into the PC board. Make sure the 
polarity is correct. (You may feed the station wire and the bat- 
tery connections into the hole left by the removed antenna.) 

Verify all connections for good solder joints and plug 
the sixteen-pin ribbon cable back into the main PC board. 
Put the unit back together and replace all four screws in 
the bottom. 

Connect the alligator clips on the other end of the sta- 
tion wire to a working line and attempt to make a call 
with the remote unit. If everything has been connected 
properly, you should be able to use the phone. Note that 
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you do not cut the normal power supply wires from the 
PC board. You want to keep the plug-in supply with the 
unit so you can recharge your remote battery cells from a 
plug. (When recharging the remote or when using the 
modified unit with AC, make sure you remove the batter- 
ies from the battery box or they will be damaged and pos- 
sibly explode from the 12 volts DC from the adapter.) 

The HT 5200 with remote, station wire, and battery 
box will fit snugly inside a standard 7.62mm military 
ammo can. This provides the unit with a tough external 
case for transport and weather protection for outdoor 
deployment. (NOTE: These ammo cans cost a couple dol- 
lars on the surplus market, but it is important to make 
sure that the rubber seal around the lid is intact and in 
excellent condition. Prior to deployment, place newspa- 
per in the can, close it up, and submerse it in water for at 
least an hour. If the newspapers remain dry, then the 
integrity of the seal is still good.) 

Field deployment is simple. Find a telephone pole ina 
remote area at night. Climb up, access the terminal box, 
bypass the subscriber, hook up the clips, and feed the grey 
station wire down the pole. You can bury the ammo can at 
the base of the pole since the antenna is enclosed in the 
station wire running up the pole. In open terrain, this par- 
ticular model of cordless phone will work almost a half 
mile away from the pole when hooked up in this manner. 

When accessing a network interface in an urban set- 
ting, it is important to run the station wire up the side of 
the building to allow the antenna to perform well. This 
phone will function for over three blocks as long as there 
are not a lot of metal obstructions between the user and 
the installation. 

The modified cordless telephone is the ideal parasitic 
line seizure device. It can be deployed quickly, and the 
operative can be some distance from the installation 
while using the line, providing an extra degree of physi- 
cal security. Most significantly, this simple device is suit- 
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able for rural underground ops, where the communica- 
tions officer can perform the installation at a remote tele- 
phone pole and the commander or user of the phone can 
stay concealed. Rural telephones are seldom overly reli- 
able—if parasitic hookup is done at night and the line is 
restored afterward, the “system” is unlikely to detect the 
penetration quickly. In an emergency, the unit can be left 
behind or grabbed quickly by yanking the station wire 
from the pole while running with the ammo can. 


Wire Junction Box Rerouting 

A reliable technique for line seizure in a large build- 
ing is simply to access the wire junction box. As men- 
tioned, this large panel is usually located in the basement 
of an apartment building or in a common area of a build- 
ing; this is so the phone company technician can gain 
access to service the box without impeding the normal 
flow of foot traffic or requiring someone with a key to let 
him in. This makes the wire junction box an ideal access 
point for the underground operative. 

Additionally, the typical wire junction box has what 
many line technicians call “spaghetti” coming from the 
board as a result of different linemen from the phone 
company and independent firms connecting a variety of 
wiring configurations to meet the needs of the building 
occupants. The addition of an extra pair of “specifica- 
tion” wiring on the board is difficult to detect. 

The fundamental problems in the practical applica- 
tion of this technique tend to be locating an unused pair 
of cables at the junction box and determining where the 
desired pair actually goes in the building so the operative 
can employ the parasitic device at this location. Tracing 
telephone station wire through a building is difficult 
even for a phone lineman, Less than half of all wire junc- 
tion boxes have routing plans or markings on them desig- 
nating which specific station wires go to which rooms or 
apartments in the building. 


01 


The TELCO line technician has a specialized piece of 
equipment to assist him in this task. The device is basi- 
cally a small radio frequency (RF) generator that is placed 
on the line in the room. The technician then places a sen- 
sor near the wiring on the junction box that detects the 
RF field being sent down the station wire from the room. 
When the sensor is close to the wire connected to the RF 
device, it gives the technician a tone or light indication, 
allowing him to locate the specific line in seconds, even 
on a wire junction board with hundreds of lines. This is a 
useful technical capability for the operative to have. 
Unfortunately, these devices are difficult to obtain and 
extremely expensive. 

If the junction box is a simple twenty-five- to fifty-ter- 
minal unit in an apartment building, the operative can 
simply short out the black and yellow station wires at the 
target room and then trace this wire by checking the resis- 
tance of all the black and yellow wires at the junction box 
until he locates the desired pair. On larger or more elabo- 
rate unmarked junction boxes, the following home-built 
device can be made that will “chase” several thousand 
feet of station wire through a building or series of build- 
ings. It can be attached to a target line in a room and the 
operative can locate the specific desired pair of wires at 
the terminal box in seconds. 

The improvised line discrimination oscillator de- 
scribed here generates a small amount of amplitude-mod- 
ulated RF noise that is readily detectable by the sensor 
unit when placed close to the line. It can be used on 
active or dead lines with equal efficiency. The unit func- 
tions similarly to a wireman’s standard line trace unit, 
only it can be made in about twenty minutes for less than 
$15. All that is required are two duplicate portable bat- 
tery-operated AM radios, about 4 feet of hookup wire, an 
alligator clip, and a VOM-type probe. 

The inexpensive AM portable radio in the illustration 
on page 203 is a Panasonic model R-1007, which costs 
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An improvised line-discrimination oscillator. Using two ordinary, 
inexpensive AM radios, a low-power RF signal can be sent down a tar- 
get telephone line by one unit and electronically “chased” and tracked 
by the other. 


about $6 in any discount department store. Any portable 
radio of this type will work just as well. 

Feed a length of hookup wire through the hole in the 
earphone jack to the intermediate frequency (IF) “can,” 
which is a rectangular metal boxlike component on the 
printed circuit board. Most AM radios have several of 
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these IF cans on the PC board, and any one can be used 
for this application. Strip the hookup wire about one inch 
and wrap it once around the outside of the IF can. Make 
sure that the connection is tight and well-secured; this 
can be accomplished by tying the wire together and push- 
ing it down to the bottom of the circuit board. 

Perform this simple connection on both radios and 
close them up. Now tune one radio all the way to the end 
of the dial (1620 Khz, or 160 on the dial) and tune the 
other to around 100 (1165 Khz is the exact desired fre- 
quency). As you tune the second radio toward 100, you 
will hear a loud, somewhat irritating whistle from the 
speaker of both units when the IF frequency of 455 Khz 
difference is reached between both radios. 

When the two probe wires are close to or physically 
connected to each other, this whistling will be very pro- 
nounced. Connect one of these units to a phone line by alli- 
gator clipping the probe wire onto the yellow or black wires 
of the station wire or at the modular plug. Use the other 
unit to “follow” the signal electronically down the wire. 

Note that when the second unit is close to the station 
wire that has the first unit connected to it, the whistle 
sound is heard in the speaker. The telephone station wire 
is now acting as a long wire antenna for the oscillations 
being generated by the AM radio connected to it. 

The yellow or black wires are preferable to the red or 
green wires because the yellow and black wires generally 
are not active lines. If the improvised line discriminator 
is placed on an active line that is currently in use, it will 
generate an identifiable noise on the line that the sub- 
scriber may detect as something suspicious. If this is not 
aconcern in your application, any of the four wires can 
be used to function as the tracing wire. 

This fast, simple, low-cost device works because all 
modern radio receivers employ a detection circuitry 
characteristic known as superheterodyne. This means 
that a receiver is also a low-power transmitter—it oscil- 
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lates at an intermediate frequency as a part of its signal 
detection process. When two radios of like band are close 
to each other and their tuned frequency is exactly the IF 
frequency apart (455 Khz), they tend to whistle, or “het- 
erodyne,” against each other. This effect is more pro- 
nounced with cheap portable AM radios due to the lack 
of selectivity and stability of the circuit. 

The improvised line-discrimination oscillation unit 
can be employed in a number of covert communications 
tasks. It has obvious applications for line seizure, such as 
allowing the operative to locate a specific pair of wires 
anywhere on the line circuit, but this capability is also 
useful in wiretapping. 

Another useful characteristic of a portable AM radio 
wired in this configuration is that it can be used to 
detect a number of devices that might be covertly 
placed in an area. For instance, modern surveillance 
video cameras are small enough to fit inside a cigarette 
pack, and the lens aperture can be as small as 1/8 inch | 
in diameter. Yet any video camera will produce identi- 
fiable oscillations. The operative can use an AM radio 
modified with a probe wire around the IF can to cheap- 
ly and reliably “sweep” a room for video surveillance. 
Of course, many video cameras are fake look-alike 
devices installed for security purposes. The AM radio 
device can be used to verify whether a camera is real 
and operating or just a dummy camera. 

Take the sensor device around a room and notice the 
various noises it makes when placed near TV sets, fluores- 
cent lights, computers, calculators, and some digital 
clocks and watches. Just about anything electronic will 
produce an identifiable noise “signature” with this device. 

This is another example of low-tech off-the-shelf 
hardware being used to solve a high-tech problem. There 
are numerous devices that can be employed creatively to 
solve technical problems you may encounter. Use your 
imagination and improvise. 
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Improvised Hook Switch Alarm 

Although it is possible to simply monitor the VOM 
reading at the hookup terminals of a bypassed line in 
order to learn if the subscriber is attempting to use the 
seized line, many times the seizure is done at night some 
distance from the target building. In this situation there 
must be a means of alerting the operative that the user has 
attempted to make a call and is now aware that the line is 
not functioning. 


PC mount 5K 


potentiometer 


9 VDC battery Flashlight bulb 


Alligator clips to Piezobuzzer 


seized phone 


9VDG 


To phone line 
ae 


Piezobuzzer 


This homemade hook switch alarm provides audible and visual warn- 
ing when a seized/bypassed telephone line is picked up. 
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The circuit in the illustration on page 206 is simple 
and inexpensive to build. It requires only three compo- 
nents and a 9-volt battery. It can be built on some perfo- 
rated phenolic board (or perfboard) or on a thick piece of 
cardboard or plastic. The device fits inside a pack of 
cigarettes with ease. 
The following parts are required for construction: 
1. PC MOUNT 5K OHM POTENTIOMETER (Radio 
Shack stock #271-217). 

2. 3.6 Khz 4-28 VDC PIEZOBUZZER (Radio Shack 
stock #273-060). 

3. 7.2 VDC PR-18 FLASHLIGHT BULB (Radio Shack 
stock #272-1168). 

4. 9 VDCRADIO BATTERY, 

5. BATTERY CLIP (Radio Shack stock #270-325). 

6. HOOKUP WIRE. 

7. MINI ALLIGATOR CLIPS (Radio Shack stock 

#278-1156). 

8. SOLDER, ETC. 

As you can see by the illustration and schematic, this 
device is not complex or difficult to wire. To use, simply 
bypass the target line and adjust the potentiometer so that 
the light energizes and the buzzer sounds, then bring it 
back down until the light goes out and the buzzer stops. If 
the line is picked up, both light and buzzer will energize. 


Phone Tapping for Account Code Collection 
There are two types of hardware employed in tele- 
phone wiretapping: direct and inductive devices. An 
Faductive nollection device is simply a small coil of sev- 
eral thousand turns of fine-gauge wire placed near the 
phone line. When the phone is being used, the electrical 
signal is detected and transferred to a tape recorder with- 

out having to connect anything directly to the line. 
There are several points on a typical pay telephone 
where an inductive collection device can be attached to 
provide the required traffic. A low-cost inductive phone 
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pickup coil is available at Radio Shack (stock #44-533) 
for a couple of dollars. This device plugs into the micro- 
phone jack of a cassette recorder and provides excellent 
pickup. Tapping a busy pay telephone at an airport or bus 
station with an inductive device can result in the mass 
acquisition of telephone credit card numbers. 

1/8" audio jack to mic 

jack on VOX recorder 


j 


Shielded microphone cable 


Floor baseboard 


Red wire Station wire 


Green wire | e 


Modul 
ptioel Faceplate screw 


A fast and simple low-cost wiretap. The shielded microphone cable 
can be plugged directly into a VOX recorder. 
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Newer cassette and microcassette recorders have a fea- 
ture known as VOX, or voice activation, that is useful for 
wiretapping applications. By simply connecting the 
phone line directly into the microphone jack, the recorder 
will only turn on and record when the phone is in use. For 
example, many pay telephones utilize standard grey D 
station wire, making them excellent target phones. Using 
flame splicing or insulation displacement, a recorder can 
be connected to the red and green wires inside the station 
wire. The illustration on page 208 shows another applica- 
tion of this simple, low-cost phone tap. 

A parasitic telephone wireless transmitter also can be 
hooked up to the red and green wires to transmit the tele- 
phone traffic to a receiver and recorder. The DECO 
Industries model WTT-20 is quick to assemble and inex- 
pensive, yet it will broadcast both sides of a phone con- 
versation several blocks without batteries, since the 
device uses the phone line’s electricity to function. 

Regardless of how you collect the phone traffic— 
inductively, directly, or by radio—if you make a good 
quality recording of the conversations and tone dialing, 
any numbers not given verbally to the long-distance oper- 
ator can be collected from the tape with a low-cost 
decoder. A call-accounting device such as the Radio 
Shack CPA-1000 (stock #43-152) can be connected direct- 
ly to the target phone line to provide an accurate digital 
printout of all phone numbers dialed on the line. 
Recorded traffic can also be played directly into this 
device with a home-built modular adapter from the 
recorder’s earphone jack. The CPA-1000 runs off four AA 
batteries, which allows operation without having to plug 
it into a wall socket. 

As you can see in the illustration, a radio wiretap can 
be inserted inside the conduit box that typically houses 
the station wire in back of the pay phone. WARNING: 
Many pay telephone terminals have two such conduit 
runs in back. One of these contains a 110-volt AC wire 
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that provides the booth with electricity for lighting, etc. 
Carefully open the conduit housing with a screwdriver 
and observe the thickness of the wire. If it is heavy gauge 
and multicolored—such as black and white or green— 
then this is probably the power cable. The conduit con- 
taining the telephone station or drop wire will be light 
gauge, solid strand. Handle these wires with caution until 
you have identified them. You can receive a substantial 
shock from the wiring. 

It is frequently desirable to hook up a small piece of 
wire to the radio wiretap to serve as an antenna. If the tap 
is concealed inside the metal housing of the conduit, a 
small piece of wire should be left dangling neatly outside 
the housing to allow efficient radiation of the signal. 

The radio tap is received by a scanner, which then 
feeds the signal to a VOX recorder. The recorder’s output 
is fed into the call-accounting computer, which provides 
the operative with a detailed printout of all credit card 
numbers or phone numbers dialed into the target tele- 
phone. The call-accounting system can also provide data 
on the time calls were made, the duration of each call, 
hang-up time, and the number of rings before connection 
was made. All this can be useful information. 

All of the above devices will run on batteries, and the 
entire system can fit easily into a typical attaché case for 
portable collection work. If several devices are installed, the 
scanning receiver can continuously scan a number of pay 
phone wiretap frequencies and begin recording only when 
one is in use. Long-distance credit card calls from a pay tele- 
phone tend to be quite short, and if an extended play 


A wireless, unattended radio wiretap. This low-cost (under $300) sys- 
tem can provide both sides of telephone traffic as well as a continu- 
ous printout of all long-distance credit card numbers dialed. It can be 
assembled to fit inside an attaché case and allows interception of up 
to 100 telephones in a prearranged priority. 
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recorder is used, one two-hour tape can provide the opera- 
tive with dozens of working telephone credit card numbers 
in less than one day from a busy transportation center. 


Collecting Telephone Credit Card Codes with a Scanner 

A programmable scanner capable of monitoring 
between 46.000 and 46.980 Mhz can easily search all the 
frequencies available for cordless phones (as well as the 
new allocations issued by the FCC coming on line in a cou- 
ple years). Many people who use a friend’s cordless phone 
to make a long-distance call will use their credit card, giv- 
ing the number to the operator over the airwaves. Thus 
these are also interesting frequencies to 
monitor regularly. 

A scanner capable of monitor- 
ing between 870.000 and 894.000 
Mhz can search in 30 Khz incre- 
ments for cellular phone calls. 
The ACE AR-1000 is an exce)- 
lent scanner for this type of 
monitoring (available from 
ACE Communications, 
10707 East 106th 
Street, Indianapolis, 
IN 46526). Cellular 
owners use long- 
distance credit 
cards fre- 
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keyed into the cordless or cellular phone manually by the 
user, a digital DTMF (dual-tone multifrequency) decoder 
available from a number of electronics suppliers will pro- 
vide you with the numbers. 


2) ACCESS CODE INTERCEPT 


Access to or possession of long-distance telephone 
credit card codes is a useful underground communica- 
tions tool. The codes allow an operative to go to virtually 
any one of 570 million telephones in the world and place 
a call to any other telephone. 

The organized theft of telephone long-distance credit 
card access codes has been conducted for a number of 
years. This activity is perhaps the most financially drain- 
ing service theft for the various long-distance carriers. 
Where a simple approach to service theft such as para- 
sitic interconnect is focused on the operative’s private 
use of the phone circuit, access code intercept provides 
criminal groups with a source of income. The account 
codes are sold nationwide through computer bulletin 
boards, underground criminal networks, and at major 
transportation centers. 

The previous section on parasitic interconnect pro- 
vided details on using a radio wiretap for the mass collec- 
tion of usable access codes from pay telephone terminals 
as well as how to acquire these numbers with a pro- 
grammable scanner. This section will focus on nonelec- 
tronic collection of these codes. 

Since this is such a problem for the telephone com- 
panies, the illegal acquisition of access codes is aggres- 
sively studied and prosecuted within the industry. This 
activity is potentially the most dangerous of all 
approaches for an underground operation. The legal 
ramifications of being taken into custody for possession 
of a stolen account code number or collection of 
account codes should not be understated. The process 
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by which the average service thief is eventually caught 
is important to consider. 

If you use a stolen credit card number to call any- 
where but another pay phone, you will eventually be 
detected and caught. Toll analysis for patterns of theft has 
become highly advanced. 

The chronology of the illegal calls is of major impor- 
tance to establishing a pattern. The first call or two is 
often used by the specific thief; it may also be used to dis- 
seminate the code number to others. Thus if the first ille- 
gal call originates in one area code and is used to call 
another area code, and if subsequent calls originate from 
the second area code thereafter, the security analyst will 
know the card was probably stolen in area code one and 
then sold in area code two. The fact that the chronology 
of the calling pattern is significant should convince the 
reader that allowing a large number of people to use the 
number after you have used it for a while will do nothing 
but accelerate the detection process. 

There are four basic nonelectronic access code collec- 
tion strategies currently being employed: 

1. NONINVASIVE POSTAL INTERCEPT. 

2, TELEPHONE SOLICITATION FRAUD. 

3. RETAIL SALES TRANSACTION IDENTIFICA- 

TION FRAUD. 

4. TERMINAL SURVEILLANCE. 

An understanding of these methods of credit card 
theft and fraud will provide the operative with several 
options in the use of the telephone. 

WARNING: The following techniques are illegal. It is 
a criminal act to conspire to defraud the consumer or the 
telephone company to gather information regarding long- 
distance telephone credit card numbers for the purpose 
of illegal usage. There are federal penalties for conviction 
of such crimes. 

This is an important consideration in communica- 
tions planning. The theft of access codes for free long-dis- 
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tance calls is a somewhat useful capability, but it is not 
the safest communications tactic in the world. 

The methods used by small-time service thieves are 
easy to understand and relatively simple to employ. A 
professional thief, on the other hand, will never person- 
ally use the code number. It is a perishable “commodity,” 
used as a currency in street crime. Selling the numbers in 
groups of five for $100 is common. The distributors of the 
stolen numbers are not greatly concerned with the toll 
billing analysis threat, since no traffic on the bill will ever 
be linked to them. This operational characteristic is what 
makes telephone access code intercept a lucrative multi- 
million dollar industry. 

The communications officer frequently has a differ- 
ent use for the numbers than the typical service thief. 
Overall, however, bulk intercept of access codes by elec- 
tronic and nonelectronic means is probably not a very 
effective or useful tactic in any long-term guerrilla under- 
ground enterprise. This technology is only useful in 
short-term or emergency operations, Careful use of COM- 
SEC is advised. The communications officer must control 
the distribution of both the numbers and the collection 
technologies, since all aspects of the process are illegal 
and potentially compromising. 

The network that would employ the stolen access 
codes on an ongoing basis is the action net. These cell 
members tend to be mobile to the degree that they can be 
considered transients. The random use of an illegal card 
to contact another mobile member of these frequently 
fragmented cells is practical and common. 


Noninvasive Postal Intercept 

This is a relatively new approach to credit card theft. 
The service thief has learned that if the telephone credit 
card is mailed to a customer and it is not received 
because of postal intercept, the card will be cancelled 
immediately. This is a direct result of BELCORE’s mail 
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accounting program. Consequently, the thief now uses a 
few creative techniques to gain access to the number 
without opening the mail or even needing to have posses- 
sion of the mail for a significant period of time. 

The telephone credit card is usually mailed in a dis- 
tinctive envelope that carries the long-distance compa- 
ny’s logo on the outside. The envelope also has a charac- 
teristic thickness. Service thieves specialize in identify- 
ing these packages. 

By feeling the envelope and bending the package 
slightly, a service thief can determine that it does in fact 
contain a plastic card. The thief simply places a piece of 
thin paper over that portion of the envelope and carefully 
rubs over it with the side of a sharp pencil to create a sten- 
cil image of the embossed numbers. 

Another approach used by college students is to place 
an ordinary piece of typing paper over the card location and 
then put a piece of carbon paper over that. They then run a 
plastic card or a comb over the carbon paper and it imprints 
the card number from the carbon to the typing paper. 

If the card is not embossed, then the service thief 
sprays the outside of the envelope with a small amount of 
automotive Freon normally used to recharge automobile 
air-conditioning systems. The Freon makes the envelope 
transparent or at least semitransparent. The card number 
is read and transcribed before the Freon evaporates with- 
out any visual trace on the envelope. 

“Wet” openings using high concentrations of steam 
are less effective on these types of mail packages because 
the seal on the envelope is gummed and closed by a 
machine; therefore the sealing compound is seldom 
water-soluble. Since the package is produced by automat- 
ed means, the old style “dry” openings also tend to be 
ineffective, since the piece is tightly sealed. 

Postal intercept of credit card account codes has many 
risks and is seldom practical unless the operative has 
access to a high-traffic, high-turnover residential area. For 
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instance, college students returning to campus generate a 
large number of telephone installations in dormitories in a 
relatively short period of time. This high volume of service 
connections and long-distance access card mailings has 
significant appeal to the service thief. Military housing 
facilities also tend to have a high turnover and, subsequent- 
ly, a lot of new service connections. 

Mail intercept of card numbers is especially danger- 
ous since phone service theft is only secondary to the 
serious crime of tampering with the U.S. Postal Service. 
The mail is the property and legal jurisdiction of the fed- 
eral government until it reaches the intended recipient. 
Tampering with the U.S. mail is a federal offense. 

A recent case of a phone company sting operation 
should be considered by the operative. 

In 1989, a major U.S. long-distance carrier mailed a 
large number of false telephone credit cards to a college 
campus. If the card was actually received by the intended 
user, the carrier offered the service on a trial basis so he 
or she could compare the carrier with their current long- 
distance service. The parties who intercepted any of the 
temporarily active account codes were caught because 
every bit of traffic on the card numbers was recorded and 
traced by the carrier. 


Telephone Solicitation Fraud 

Telephone solicitation fraud is notable because it is 
somewhat anonymous and it gains access codes by sim- 
ply asking for them. It, too, is a relatively new approach 
to gaining access to telephone credit card numbers. 

The long-distance service industry is extremely 
competitive. An increase of a fraction of one percent- 
age point in market share for a company can mean lit- 
erally hundreds of millions of dollars in increased rev- 
enues. As a result of this lucrative business climate, 
many firms conduct aggressive telemarketing cam- 
paigns to sign up new customers. Exploitation of this 
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situation by criminal groups has proven extremely dif- 
ficult to defeat. 

A telephone “solicitor” will call random residential 
numbers out of the phone book. He will tell the person 
who answers that he represents one of the major long-dis- 
tance carriers or a “new” fictitious carrier. The solicitor 
frequently targets a specific demographic group in this 
enterprise. For example, he will offer elderly prospects a 
substantial “senior citizen discount” for giving the ficti- 
tious company a trial run. He will then offer one or more 
free months of service to the prospect if they agree toa 
trial. The deal offered is never too good to be true, but the 
savings are usually quite substantial to the senior citizen. 

The solicitor gets the prospect to agree to a no-obliga- 
tion trial period with one free month of service. Once the 
agreement is made, the solicitor asks the person for his 
current long-distance carrier account number so he can 
notify that company that the person wants to switch over 
for a trial period. The solicitor tells the person that he 
does not need to contact his current company himself 
unless he decides to keep the new service. As soon as the 
prospect gives the solicitor his long-distance credit card 
number, he is told that he will receive confirmation and 
brochures in the mail in a couple weeks. 

Of course, the prospect never hears from the solicitor 
or the bogus company again, and his credit card number 
is used by various criminal groups until it “burns,” or no 
longer allows long-distance access. 

The smooth-talking phone solicitor can gain a large 
number of telephone credit cards this way in a three or 
four hour shift. Elderly and low-income housing occu- 
pants seem to be the most frequent targets, although 
recent telephone solicitation fraud operations have 
focused on college campuses. 

The various carriers have studied this problem, and 
the fact that most of them participate in their own long- 
distance service telemarketing programs seems to keep it 
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from being corrected. Most American households receive 
these solicitations from time to time, and there is no prac- 
tical way for the prospect to identify the solicitor or the 
validity of the offer being made. 


TELCO Security Ploy 

This is a fairly sophisticated variation of telephone 
solicitation fraud that allows the operative to get a quick 
set of numbers for emergency use. The operative seizes a 
line and determines which long-distance service his target 
is using by making random calls or by using the 700 code. 
Basically, the line is seized from outside the residence 
(apartment complexes are frequent victims of this ap- 
proach because the terminal and junction boxes generally 
are accessible to the operative) and the thief dials 1-700- 
555-4141. This accesses the long-distance switch, and a 
recorded voice identifies which carrier is using the line. 

The operative then calls the target from a pay phone 
and in an authoritative voice identifies himself as an 
employee of the security division of that long-distance 
carrier. He tells the target that he is checking the toll 
billing of the target’s long-distance account to determine 
if it has been tampered with. He reads a series of numbers 
to the target and asks him or her, “Are any of these your 
long-distance access code?” The target states that none of 
them are. The “security man” then asks for the correct 
number, and amazingly, the target often provides it. The 
target is then advised that there was probably some sort 
of mix-up and that he will not be billed or contacted 
again regarding the problem. 

This ploy has many variations and is frequently tar- 
geted toward elderly people. Once the operative gets the 
legitimate credit card number, he reassures the target that 
he will “straighten things out” and apologizes for disturb- 
ing him or her. The operative often has a legitimate num- 
ber of the carrier should the target ask for it, but this num- 
ber is for an obscure billing inquiry office or other toll call 
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center in another state. The target is often hesitant to pay 
for the long-distance call to inquire further but feels reas- 
sured that there is a number to call should they have any 
questions. 

The numbers are burned very rapidly. Generally, 
within a matter of days, the customer's card has hundreds 
and even thousands of dollars of unauthorized usage by 
the time the real phone company security calls to inquire 
about the irregularly high usage. By then, of course, it is 
too late. The card is cancelled and the customer is issued 
another. Although they are warned about the ruse, they 
typically do not have to pay the unauthorized charges. 


Retail Sales Transaction Identification Fraud 

This approach was recently uncovered in New York 
City. A group of retail clerks were already involved with 
selling major bank credit card numbers to a criminal 
group. They began making a sideline out of obtaining and 
then selling long-distance access codes to the same 
source. Every time a customer wished to pay by check, 
the clerks accepted a bank credit card as ID for the trans- 
action, but the customer was then requested to present 
another form of “plastic” and they were told that a tele- 
phone card was suitable. 

Consumers are hesitant to provide their bank credit 
card numbers in order to cash a check, but they seem to 
be more than willing to provide their telephone credit 
card number as a piece of identification. The fact is that a 
telephone credit card is not a usable form of ID, and theft 
of service from a phone credit card is easier to accom- 
plish than theft off of a bank card. 

Many people do not have major bank credit cards, but 
if they have a phone they generally have at least one long- 
distance credit card. This approach is difficult to defeat, 
although if the customer remembers using the card to 
cash acheck, the clerk is very likely to be questioned by a 
telephone company investigator. 
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Another ID fraud scheme involving false solicitation 
for a major bank card was uncovered recently in a low- 
income housing project in Chicago. The solicitor offered 
a guaranteed bank credit card to someone in a low- 
income situation and asked for his telephone credit card 
number as part of the application. This criminal tech- 
nique is also relatively difficult to counter. 


Terminal Surveillance 

This is one of the oldest techniques of telephone cred- 
it card account number theft. Basically, it is the technique 
of observing someone dialing in a credit card number at a 
pay phone terminal in an airport or hotel lobby. 

Terminal surveillance is actually a variation on an 
age-old technique taught to surveillance operatives at 
many law enforcement and intelligence agencies. The 
ability to follow someone on foot and observe them at a 
pay telephone while making careful note of the numbers 
the subject dials can be very useful. 

Entire rings of credit card thieves have operated using 
this technique as their sole source of code number collec- 
tion. The thief, sometimes called a watcher, situates him- 
self near a large bank of pay phone terminals in an airport 
lobby. He has a usable cover reason for sitting there, such 
as waiting ona traveler. The successful watcher works any 
one location only for a short period of time before moving 
around on a predesignated route in the air terminal. 

Although most airport security personnel are knowl- 
edgeable of the theft of passenger telephone codes 
through terminal surveillance, it is relatively difficult to 
detect someone in the act of number collection. There are 
a number of much more serious crimes that occur at air 
terminals, so this activity is not heavily focused on by 
security personnel. 

In the mid-1980s, terminal surveillance activities 
were covered heavily in the press. Many newspapers and 
magazines advised travelers to dial their credit card num- 
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bers in a manner that would be difficult to observe. 
Despite the warnings, the typical traveler either is not 
aware of this threat or is not concerned by it. By visiting a 
local bus or air terminal during passenger boarding and 
arrival, you will see that there are more numbers being 
visibly dialed into more telephones than you can easily 
make note of. (A group in Los Angeles even provided its 
watchers with microcassette recorders to read off the 
numbers observed being dialed into phones.) These con- 
versations and phone contacts tend to be fairly brief; 
thus, more numbers are used per phone, per hour. 

The thief tends to target a specific passenger profile to 
surveil at a phone bank. The well-dressed business exec- 
utive may use a company phone credit card to make his 
call, and the corporate card is a prized number to acquire. 
This particular type of access code number is termed a 
double zero in street slang because many companies have 
the last four numbers of their office telephones in the 
hundred and thousand series, such as 555-2300 or 555- 
2100. These are already high-traffic codes, and the vari- 
ous employees who use the card daily frequently use it to 
make personal calls as well. This places a considerable 
volume on these cards. If used sparingly by the service 
thief, the access number will be good for several months. 
If he uses it only to call “sterile” numbers, the theft may 
never be detected. 

Using a high-volume card immediately after the legit- 
imate holder of the card used it also helps conceal the 
theft to a degree. The user of the card will get the bill for 
your usage but may not remember what specific calls 
were made that day, or to where. The user will, however, 
remember being at that location and making a call. 

A trained observer at a telephone bank can develop 
the instinctive ability to detect other surveillance in the 
immediate area. After sitting at a high-traffic phone 
bank for any period of time, the operative can easily 
point out anyone else conducting the same type of 
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surveillance as well as any security personnel observ- 
ing the entire area. 

Testimony that an individual was observed sitting 
near a phone booth apparently watching people dial in 
their card codes is not considered permissable evidence 
in court. A subject must be caught transcribing the num- 
ber to some medium. Many thieves write the numbers 
they collect in a magazine or newspaper they appear to 
be reading while conducting the surveillance. The group 
using recorders in Los Angeles avoided prosecution for 
some time because they trained all of their watchers to 
record a maximum of five numbers and then rewind the 
tape back to the beginning. If the watcher detected 
surveillance, he was instructed to leave the area immedi- 
ately. If he was challenged, he pressed the record button 
to erase the five numbers in seconds while politely 
stalling the individual challenging him. 

Terminal surveillance is simple, successful, and 
incredibly common throughout the world. The ability to 
quickly employ the technique to collect just one usable 
telephone credit card number to make just one quick tele- 
phone call is a significantly useful form of tradecraft. A 
skilled operative should always be able to go to any air- 
port and immediately collect an account code or two, 
then go to any pay phone in the area and make a contact. 

The conduct of this simple operation can also provide 
an added layer of COMSEC for an underground operation 
because it can be used to spontaneously create a signifi- 
cant amount of electronic “litter” should the operative 
happen to be at an airport and suddenly detect active 
surveillance. The people watching the operative proba- 
bly will not observe one quick code collection, but they 
certainly will observe the use of a telephone afterward. 
They may even make note of the numbers dialed. A time- 
consuming deceptive “lead” can be created if a random 
number out of the local directory is called. The investiga- 
tor will have to follow up on whatever number was 
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called, and he will also have to check out the owner of 
the credit card number used. When the investigator con- 
fronts the owner of the credit card, he will deny knowl- 
edge of knowing the operative, even though he was at the 
airport on that specific day at that specific time. This is a 
potentially time-intensive false lead to give to any gov- 
ernment or private intelligence agency. 


3) SYSTEMATIC DECEPTION 


Systematic deception is a relatively simple yet diffi- 
cult-to-defeat technique that requires a small amount of 
planning but ultimately results in the operative obtaining 
at least three long-distance access codes by making just 
one fifteen-minute phone call. It entails simply asking 
the phone company for access under a fictitious name. 
This technique takes advantage of an operational charac- 
teristic of the telephone long-distance service industry 
and is employed by undercover operatives, corporate 
intelligence types, and criminal conspirators. 

When the telephone billing office receives a request 
for residential telephone service, the entire order is pro- 
cessed over the phone. If the customer's residence has 
had service recently or has modular jacks already 
installed, the activation of the line requires central office 
control only, meaning no technician has to visit the resi- 
dence to connect the service. It is a relatively simple task 
to locate a suitable unoccupied dwelling to establish as a 
fictitious residence for a service installation request. 

The verbal application over the phone establishes 
an immediate credit “profile” that the operator can use 
to instantly grant a connection on a specific day and 
time. Since the connection will be made at the central 
office, the customer does not need to be home at the 
time service is connected. The operator simply pro- 
vides the new customer with an installation date and 
the new telephone number, usually right at the time the 
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service request is made. Connection generally takes a 
few working days to complete. 

Systematic deception exploits this lack of human inter- 
action for a typical telephone service connection. Using 
this technique, the operative creates a false “electronic 
identity” and obtains an unlisted telephone number in a 
fictitious name in an unoccupied dwelling. Using this 
newly assigned telephone number and false account, he 
contacts the various long-distance service carriers in his 
area and obtains telephone long-distance travel cards or 
actual long-distance service. The phone line installed at 
the false residence is never actually used by the operative; 
it and its accompanying billing account are used only as a 
basis to get account cards from long-distance carriers. 

This anonymous approach to long-distance service 
access has many significant advantages over outright ser- 
vice theft. Eventually, the initial service will be discon- 
nected for lack of payment, usually within sixty days of 
connection. However, the long-distance cards can last for 
over a year if they are not used heavily. Eventually these 
too will be cancelled for nonpayment, and the closed 
account becomes nothing more than uncollectible 
accounts receivable to the phone companies rather than 
an apparent theft of service. The account is not studied 
by security investigators; instead it is placed with the col- 
lections department for follow-up to try and recover the 
unpaid bill, Eventually, the entire account is written off 
as “bad debt” and the effort to collect is suspended. The 
entire matter goes into the “dead” file, and the file is kept 
only to deny service to the fictitious name if it is ever 
requested again. 


Creating an Electronic Identity 

Systematic deception requires an electronic identity 
that will meet specific credit profiles for the telephone 
company’s business office. When you call to request 
phone service, the operator will ask a few questions to 
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determine your credit worthiness as well as verify your 
identity. The following information needs to be provided: 
. FULL NAME. 
. DATE OF BIRTH. 
. SOCIAL SECURITY NUMBER. 
. PREVIOUS ADDRESS AND PHONE NUMBER. 
. CURRENT EMPLOYER. 
. BANK REFERENCE. 
. CONSUMER CREDIT INFORMATION. 
. TWO OR THREE LOCAL NUMBERS 

OF FRIENDS, FAMILY, OR ASSOCIATES. 

9. ADDRESS FOR PHONE INSTALLATION. 

10. TELEPHONE SERVICE OPTIONS. 

11. BILLING OPTIONS. 

12. PREFERRED LONG-DISTANCE CARRIER. 

Unlike other forms of false ID, an electronic identity 
is relatively easy to create since there is no actual docu- 
mentation involved in its creation. The following pages 
will discuss methods of creating this unique form of iden- 
tification that will enter the telephone company’s com- 
puter without a hitch. 

Carefully applying the following steps to create your false 
electronic identity, destroying your notes when finished, and 
destroying the credit cards you gain using this technique will 
significantly reduce the chance of compromise. 

WARNING: Providing a fictitious name to a business 
with the intent to commit consumer fraud is a felony in 
all states. Providing a fictitious Social Security number to 
any business or agency is also a felony. Possession of a 
long-distance telephone credit card that was obtained 
using false pretenses is sufficient grounds for prosecu- 
tion. Conviction of conspiracy to defraud may result in a 
$100,000 fine and/or ten years imprisonment. 

STEP ONE: Create a name. 

To assist in the approval of your phone service, create 
a common name for yourself. The more common the 
name, the more difficult to track potential abuse. Ac- 
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cording to the U.S. Census Bureau, the following are the 
ten most common names in the United States: 

1. SMITH. 

2. JOHNSON. 

3. WILLIAMS. 

4. JONES. 

5. BROWN. 

6. MILLER. 

7. DAVIS. 

8. ANDERSON. 

9. WILSON. 

10. THOMPSON. 

Your choice of first and middle names is flexible. 
Although you generally are asked only for a middle ini- 
tial, it is best to have a complete middle name handy in 
case one is requested. 

STEP TWO: Create a date of birth. 

This may sound simple enough, but there are some 
parameters that merit consideration. First of all, don’t use 
your real date of birth; it could be used as a means to 
catch you. Second and less obvious is your age. Make 
your age at least 35 years old. People in the 35 and older 
group are much better credit risks than those in younger 
age groups. Compute your current age based on your fic- 
titious date of birth and put it on the notations beside 
your date of birth. Don’t get tripped up by knowing your 
date of birth but not your age. 

STEP THREE: Create a Social Security number. 

Your Social Security number is the most useful iden- 
tification for a business or the government to maintain 
various records on you. Again, it obviously is not a good 
idea to provide your own Social Security number. As a 
matter of fact, it is wise to avoid even slight resemblance 
to your own number. 

In this operation you are going to be someone who just 
moved to the area, and where you moved from has some 
bearing on the Social Security number you choose. The 
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first three digits of the number designate the state the card 
was issued in. It may not be your original place of birth, 
but it will indicate in which state you originally received 
the card. The last six digits identify the individual. 

New federal laws mandate that numbers be assigned 
at birth, but the following table will assist the operative 
in creating a seemingly legitimate number: 


ALABAMA 416-424 
ALASKA 574 

ARIZONA 526-527 
ARKANSAS 429-432 
CALIFORNIA 545-573 
COLORADO 521-524 
CONNECTICUT 040-049 
DELAWARE 221-222 
FLORIDA 261-267 
GEORGIA 252-260 
HAWAII 575-576 
IDAHO 518-519 
ILLINOIS 318-361 
INDIANA 303-317 
IOWA 478-485 

KANSAS 509-515 
KENTUCKY 400-407 
LOUISIANA 433-439 
MAINE 004-007 
MARYLAND 212-220 
MASSACHUSETTS 010-034 
MICHIGAN 362-386 
MINNESOTA 468-477 
MISSISSIPPI 425-428 
MISSOURI 486-500 
MONTANA 516-517 
NEBRASKA 505-508 
NEVADA 530 

NEW HAMPSHIRE 001-003 


228 « SPYCOMM 


NEW JERSEY 135-158 

NEW MEXICO 525 

NEW YORK 050-134 
NORTH CAROLINA 237-246 
NORTH DAKOTA 501-502 
OHIO 268-302 

OKLAHOMA 440-448 
OREGON 540-544 
PENNSYLVANIA 159-211 
RHODE ISLAND 035-039 
SOUTH CAROLINA 247-251 
SOUTH DAKOTA 503-504 
TENNESSEE 408-415 
TEXAS 449-467 

UTAH 529 

VERMONT 008-009 
VIRGINIA 223-231 
WASHINGTON 531-539 
WASHINGTON, D.C. 577-579 
WEST VIRGINIA 232-236 
WISCONSIN 387-399 
WYOMING 520 


It is notable that the further south and west on the 
map, the higher the first three digits of the Social Security 
number. HINT: Create the Social Security number from a 
populous state. Note that some states have more numbers 
available than others; California, for instance, has twen- 
ty-eight three-digit codes, while Alaska only has one. 

Acredit check based on a Social Security number and 
complete name is fairly expensive. The various agencies 
that sell this information do so at a cost of about $25 to 
$50 per inquiry. This makes it expensive for the phone 
company to actually request these reports for each new 
account. The credit worthiness of the service requester, 
therefore, is based on the answers given to the questions 
at the time of the request. No actual credit checks are gen- 
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erated in this process unless the caller is requesting a 
number of lines for a business. 

Although the Social Security Administration is pro- 
hibited by federal law to verify or provide Social Security 
numbers to any commercial enterprise as well as most 
federal agencies, the threat of being caught with using a 
false number should be considered carefully. It is a felony 
to use a bogus number on a job application as well as 
when applying for a credit card or consumer credit, and a 
bogus number would not pass a law enforcement or 
detailed credit inquiry, such as one made during an arrest 
or during the purchase of a large-ticket item. Since the 
operative is not actually filling out any documents when 
requesting phone service, the criminal risk is lower, but it 
still should be considered. 

STEP FOUR: Create a previous address and phone 
number. 

The further away from the place you request service 
the better. If you are getting a bogus installation in 
Florida, make your previous address in California or 
Oregon. It is preferable to have actually been to the city 
listed as your previous address. By using one of the 
common names discussed earlier, it is possible to go to 
the local library and look up your previous address in 
one of the many phone books available there. Although 
you can certainly make up the entire address and phone 
number, it is best to have an existing one to use. If you 
use one of the common names given above, you will be 
surprised at the number of addresses and phone num- 
bers available to you. 

One final insurance would be to gather several poten- 
tial previous numbers and call them collect from a pay 
phone. Odds are very good that, if chosen from an older 
phone book, one of these numbers will be disconnected. 
The disconnected number is the one that you should use 
along with its accompanying address. 

Learning the ZIP Code to your previous address is 
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also important. Find it in the beginning of the phone book 
or in the library’s ZIP Code directory. 

The above method takes advantage of another charac- 
teristic of the new phone system. Since the regional 
phone companies are no longer related to one another, it 
is difficult for any one company to verify information 
about you from a different company, particularly if that 
company is far away from where you are making the 
bogus request. 

STEP FIVE: Create a current employer. 

Your new identity has just hired on to or been trans- 
ferred by the biggest company in town. Learn the exact 
address of this company as well as the phone numbers to 
the main switchboard and your specific department. 

Choosing a large company helps you create legitima- 
cy and financial solvency in the mind of the operator, and 
acommon name is likely to be found in most any depart- 
ment. This information is not usually checked out either, 
but it is a useful ploy to create legitimacy. 

STEP SIX: Create a bank reference. 

Tell the operator you have a checking and savings 
account at a local commercial bank or savings and loan. 
You will be asked for a number to these accounts, and 
they can be created rather easily. 

In the lower left hand corner of a bank draft or check is 
a series of numbers printed with a magnetic ink, and their 
use is fairly standardized. Typically there are twenty-five 
digits, which represents the following information: 


Federal Reserve Individual customer account# = Check 
BankIDnumber _ account number number 
123456789 123456789000 0123 


By looking at a check from a local bank, you can cre- 
ate a false account number. Tell the operator you are look- 
ing at the bottom of your check for your account number. 
As long as you get the first nine digits right and provide 
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eighteen more numbers to the operator, you will have no 
problem. Banks generally are hesitant to provide credit 
information to anyone by telephone. This typically elimi- 
nates the operator's ability to verify the account. 

STEP SEVEN: Provide consumer credit information. 

Indicate that you have a late-model vehicle you are 
paying off through a bank loan, as well as several 
accounts at major department stores. This frequently is a 
cursory question to determine if you have consumer cred- 
it; it is seldom too specific in nature. 

STEP EIGHT: Provide local contact numbers. 

The service operator will ask for the names and tele- 
phone numbers of people you know locally. Although 
this is requested as another form of credit reference or a 
way to get ahold of you in case there is a question with 
your installation, it is also to provide the phone company 
with local sources of information should you fail to pay 
your bills. These names can be provided to the operator 
directly out of the phone book. 

STEP NINE: Provide an address for phone service 
installation. 

This is where you are requesting service. It should be 
a densely populated, upper middle class apartment com- 
plex or housing development. The actual apartment 
number should be known and provided. When selecting 
an address, consider access to the mailbox of this 
dwelling in order to be able to retrieve the account cards 
when they arrive. Another option is to set up a fictitious 
mail drop and use it to collect the account cards. It is not 
uncommon for phone customers to request that bills be 
mailed to a post office box or an address other than the 
service location. 

STEP TEN: Choosing service options. 

Frequently the operator is given a bonus for meeting 
quotas on selling such options as call waiting and call for- 
warding. There is a degree of flexibility here, but it is sug- 
gested that you request an unlisted number. About 40 
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percent of Americans now have unpublished numbers, 
paying a small fee each month to keep their names out of 
phone books and off of directory assistance. This desire 
for privacy is encouraged by the phone company, since it 
gets paid to provide the service. It’s also a good idea to 
order some other option to help the service operator ful- 
fill his or her quota and thus encourage the smooth flow 
of the process. 

STEP ELEVEN: Choosing billing options. 

After installation and option fees are calculated, the 
usual cost for service connection is around $50 to $100. It 
is common for the phone company to allow this fee to be 
paid over the next three months. If this is offered, take 
advantage of it; it tends to slow down the disconnection 
of the false line. 

STEP TWELVE: Choosing a long-distance carrier. 

If you answer all of the questions properly, you will 
be given a telephone number and a date when service 
will be activated at the residence. At this point the opera- 
tor will ask you which long-distance service you prefer. 
Choose AT&T. The operator will provide you with the 
number to AT&T and activate the billing information 
with the AT&T operator. You may also request a local 
phone company calling card at this time. These cards are 
offered by all the regional companies and are as useful as 
an account card from a major carrier. 

When providing your electronic identity, make sure 
you have all of your false ID data in front of you, sound 
casual and kind of busy, and the request will go quickly 
and smoothly. 


Requesting Long-Distance Service 

Requesting service from a long-distance carrier gener- 
ally involves answering the basic questions outlined 
above, but be prepared to answer a few others. One of the 
more common is approximately how much long-distance 
service you expect to use each month. The average tele- 
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phone bill in the United States is generally less than $50; 
indicate that your billing will change from month to 
month but will not often get over $100 to $150. It is 
important to sound like a good billing customer from the 
perspective of the long-distance service operator. 

When requesting long-distance telephone service, 
you will be asked by the operator for a contact number to 
call back. This formality to verify the request for service 
typically takes place within two to four hours of the 
request if you call during normal business hours, which 
is suggested. It is needed because long-distance tele- 
phone carriers are aggressive marketing organizations, 
and sometimes the salespeople get a little over aggressive. 
The contact number is used to verify the sale; the verifier 
generally is a supervisor. 

The contact number can be a friend’s house (not 
wise, though relatively safe) or a pay phone. For bulk 
acquisition of cards, where requesting bogus connec- 
tions and service is an ongoing enterprise, it may be 
useful to set up a residential phone at a temporary 
house and use this number as the contact number. This 
may be elaborate, but it is a viable option when you 
consider the number of account codes you can generate 
with this procedure. 

Another approach to the contact number is to order 
call forwarding and wait for service to be connected at 
the unoccupied dwelling. This low-cost option allows 
you to transfer inbound calls to any number you wish. 
Telling the long-distance company to contact you at the 
new number makes the service request appear even more 
legitimate, and you can forward the calls from the 
dwelling by connecting a telephone setup to the terminal 
box outside the residence. 

Most long-distance telephone companies now offer mul- 
tiple accounts on each phone, meaning that you can get two 
or possibly three credit cards by indicating that you want 
one card for your spouse, one for your children, and one to 
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use for business only. This is easy to request, and the carriers 
seem to like to provide these extra account numbers. 

Keep in mind while making requests for long-dis- 
tance service and calling cards that these companies are 
very aggressive in their marketing, and the multibillion 
dollar long-distance industry is very lucrative. This caus- 
es most of them to be very friendly in their marketing 
efforts. Indeed, systematic deception works because the 
long-distance companies are aggressive and greedy, and 
because most people do, in fact, pay their phone bills. 

Remember, when requesting residential telephone 
service, always ask for AT&T to be your long-distance car- 
rier. The various telephone companies all used to be part 
of AT&T, and this seems to be good “form” in the service 
request. It might be helpful to record the conversation 
with the telephone service office in order to study the 
process for the next step. 

Within about a week, you will receive a local calling 
card and an AT&T calling card. As soon as you receive 
them, call MCI, U.S. Sprint, and any other carrier, request 
to switch over your long-distance service at your ficti- 
tious phone number, and get calling cards from each. 
This will not cause any of the other cards to be canceled 
until they go unpaid. Don’t overlook the smaller firms 
offering long-distance service. One residential telephone 
connection should yield at least a half-dozen usable tele- 
phone account codes. 

Study the envelopes and packages that the cards arrive 
in. Practice noninvasive postal intercepts to sharpen your 
ability to gain access to card numbers at will. Train certain 
members of the cell to recognize the familiar envelopes and 
task them with obtaining a few numbers. 

Within a thirty- to sixty-day period, the local tele- 
phone service will be disconnected. Amazingly, the local 
service calling card tends to work for about a month after- 
ward, and the AT&T, MCI, and Sprint cards are not 
dependent on the actual service connection for contin- 
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ued activity. They will burn in a few months on their own 
due to nonpayment. 

By spending a few hours a week selecting and connect- 
ing bogus residential phone service, your group can main- 
tain a large number of active, legitimate credit card account 
codes for long-distance use. Once you establish a “flow” of 
these cards using this procedure, you will always havea 
means of contacting any phone in the world. 

Systematic deception exploits the nonparticipatory 
nature of phone service connection as well as the compe- 
tition between the various carriers. It is simple, difficult 
to detect, and virtually impossible to defeat. This ap- 
proach to account code access is unquestionably the most 
secure and reliable. 

A couple of warnings are in order here. You do not 
want to overdo this tactic. You still want to maintain good 
communications discipline; in fact, you may consider 
actually paying for the service that you get connected. 
Always make certain that you destroy the actual cards 
you receive; simply transcribe the code numbers and 
access instructions to a separate sheet of paper, encoding 
them if possible. Also, always use the carrier’s toll-free 
800 number to set up service, and never call anyone who 
can be even remotely associated with you. When the 
phone bill comes in to the mail drop, either pay it or 
destroy it. 

Which brings us to a final warning to the reader, and 
perhaps a useful intelligence collection technique. Under- 
cover agents who circulate in the strange underground 
economy in the United States and abroad have developed 
a unique approach to creating a working file on an indi- 
vidual or interest. Investigative agencies have an invento- 
ty of telephone credit cards they use to study the commu- 
nications of an individual. An operative from an agency 
will approach a low-level drug dealer, for example, and 
give him a “stolen” telephone credit card as a means of 
contacting his connections and associates. The operative 
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tells the target he can use the card number until it burns. 
Of course, the operative can then learn where a certain 
individual or group is getting its product, where a merce- 
nary is getting weapons, and so on by simply monitoring 
the toll billing records of the card number. 

The above investigative technique should turn a few 
wheels in the reader’s head. Regardless of what side you 
happen to be working, this is a realistic area for compro- 
mise, You not only need to control the acquisition of 
these cards and the distribution of the numbers to cell 
members, but you must also consider carefully the source 
of these numbers. Credit card numbers for long-distance 
access can provide your organization with a reliable 
international communications network. They also make 
every contact a potential threat and can destroy your unit. 

It is the communications officer’s responsibility to 
protect the communications plan from penetration. He 
must control access to these cards, advise cell members 
to use them only in the COMMO plan, forbid them to give 
the numbers to anyone, and forbid personal calls with 
them. Also, he should never tell anyone in the organiza- 
tion that the calls are free. 


Systematic deception is the most sophisticated ap- 
proach to anonymous access to the long-distance tele- 
phone networks. The risk to the operation still is focused 
on the content of the conversation, and all COMSEC pro- 
cedures apply. Use this technique with discretion in your 
underground enterprise. 


Telephone Company Internal Codes 

There are a number of useful codes employed by tele- 
phone service technicians at the terminal and junction 
box. These codes are entered into a touch-tone keypad 
and can provide a great deal of basic information and 


access for the covert operator. There are codes internal to 
each calling area and others that seem to be standardized 
nationwide. The 700 number used to reveal the long-dis- 
tance carrier on a line and the #200 code to identify the 
number of the phone being used are two examples of use- 
ful codes that can have a number of advantages in “work- 
ing” the phone system covertly. 

There is one problem in relating various codes, CNA 
(customer name and address) numbers, and so on ina 
book such as this: they will be changed by the phone 
companies in the central office’s system-control software. 
There are a number of publications that regularly divulge 
these service codes, and they actually do somewhat ofa 
disservice to those who wish to operate secretly within 
the telephone system. 

There is another, much more useful way of getting 
these codes yourself that eliminates the phone company 
gaining knowledge of the fact that you have this informa- 
tion. The next time you see a telephone technician, strike 
up a conversation. Phone line technicians and mainte- 
nance personnel generally are public oriented and friend- 
ly. They are also very well-trained technically. By simply 
expressing interest in their occupation while observing 
them at work, you can oftentimes get them to tell you just 
about anything you need to know. Be friendly and inquis- 
itive, and you can learn quite a bit about how to manipu- 
late the phone system with service codes. A useful tech- 
nique is to start a conversation with something like, “Is it 
true that a phone technician can do___ by just dialing a 
certain number into the phone?” 

In Europe and other areas of the world, codes are 
much more difficult to obtain because it seems techni- 
cians are more wary of the potential for abuse. Also, 
European telephone technicians are, as a general rule, 
better trained and paid than American phone techs. 

Regardless of where you are operating, it is seldom 
productive to attempt to bribe information from a phone 
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service technician. The tech knows better than to sell 
codes to gain access to internal long-distance circuits, 
CNA information, etc. However, technicians who were 
employed by a major carrier and are now employed bya 
private company may be more amenable to compensation 
for such information. Pay-phone technicians who work 
for private companies often can be helpful in providing a 
number of clever access codes. Nonetheless, proceed 
with caution, and use common sense in this activity. 

Another useful technique for learning telephone 
operation codes, service procedures, and even local jar- 
gon is simply to monitor TELCO radio transmissions with 
a scanner. Conversations monitored on these frequencies 
are very enlightening, Oftentimes a newer, less experi- 
enced phone technician will call in by radio for instruc- 
tions on how to service or access a specific line or system. 

While conducting certain sensitive ops such as para- 
sitic interconnects and line tapping, monitoring tele- 
phone company radio traffic can be as useful as monitor- 
ing local police traffic. Should your deeds be observed or 
detected, the TELCO radio transmissions may serve as an 
efficient early warning system. 

Although some telephone maintenance vehicles have 
cellular telephones as their radio link, a substantial 
amount of traffic can still be heard on the following radio 
frequencies: 

35.160 Mhz 

43.160 Mhz 

151.985 Mhz 

158.340 Mhz 

451.175 Mhz 

451.225 Mhz 

451.275 Mhz 

451.300 Mhz 

451.325 Mhz 

451.350 Mhz 

451.375 Mhz 
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451.400 Mhz 
451.425 Mhz 
451.450 Mhz 
451.500 Mhz 
451.525 Mhz 
451.550 Mhz 
451.575 Mhz 
451.625 Mhz 
451.675 Mhz 
462.475 Mhz 
462.525 Mhz 


OVERVIEW AND WARNING 
OF THE RISKS AND PENALTIES 


The telephone system can be an integral component 
in any covert COMMO plan. Its versatility and the gener- 
al availability of access makes it perhaps the most useful 
medium for covert communications. Telephones inte- 
grate well with other mediums, such as radio, facsimile, 
and data transmissions. 

Understanding terminal wiring practices and having 
the skill and equipment to operate or intercept within the 
TELCO system is probably one of the most useful capa- 
bilities any underground unit can have. The communica- 
tions officer should focus time and resources on develop- 
ing strategies to use the commercial circuit as part of the 
COMMO plan. 

Stealing telephone service or intercepting telephone 
conversations is, however, a risky activity. Individuals 
and groups have stolen phone service for decades, and 
they will continue to do so. Yet it is important to under- 
stand that these individuals and groups also are caught 
every day. 

The purpose for providing the operative with differ- 
ent approaches to these activities is to assist in the under- 
standing of how an underground group can operate with- 
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in the electronic environment of the telephone system. 
The approaches to phone service theft outlined in this 
book were selected because, for the most part, they are 
nearly impossible to prevent. Nonetheless, these ap- 
proaches are not all that difficult to detect should the 
opposition or TELCO security decide that your organiza- 
tion is intent on stealing service on an organized or sys- 
tematic level. 

In most cases, the advantages of phone service theft 
for the underground organization are based on anonymi- 
ty rather than economics. You can employ many of the 
techniques outlined in this book legally by simply paying 
for the telephone service that you use. This is important 
to consider. In fact, the legal use of telephone services is 
actually one of the most cost-effective means of commu- 
nications available for the underground operation. The 
account numbers themselves can be controlled, and the 
calling patterns of certain agents and operatives can be 
monitored by studying the bills. If the operative simply 
pays all toll charges and keeps the accounts current, the 
prudent use of the telephone is probably the cheapest 
means of maintaining covert C? for an operation on a 
shoestring budget. 

If you are conducting a particularly sensitive opera- 
tion and you steal telephone service to keep in touch with 
elements of your group, you may find a very aggressive 
and diligent army of corporate security and intelligence 
types scrutinizing your activities. You may find yourself 
under active surveillance, your calls monitored and 
recorded, and your operatives methodically compro- 
mised and caught. 

Also keep in mind that you are not the only one with 
access to this book. Your opposition will likely read this 
and similar books regarding communications. 

Going underground intentionally to operate covertly 
is just as intense and paranoia-inducing as going under- 
ground to avoid capture or prosecution. Living on the 


tun is, in fact, like living on the edge of your seat at all 
times. Your thinking can be affected, your sound judg- 
ment reduced, and your activities accelerated out of 
your control. Underground operations often start with a 
plan that goes wrong as soon as it is initiated. Stuff hap- 
pens. Intentionally causing risks by stealing phone ser- 
vice will only add to the dangers already associated with 
your little “enterprise” and can be the downfall of the 
entire operation. 

Corporations and institutions do not like to be targets 
of underground operations. Governments certainly frown 
on attempts to topple them. Communications can be an 
effective tool and weapon against any target, but under- 
stand that the participants must live like fugitives, con- 
stantly on the run, regularly having to sacrifice comfort 
and convenience in order to make the mission succeed. 
There is no glamour or glory in most underground opera- 
tions. Stealing phone service or participating in any other 
activity that is inherently risky will add to the threat of 
compromise. Plan carefully and proceed with caution. 

As the communications planner for an underground 
operation, you will have the most immediate impact on 
its success or failure. Simply because making free phone 
calls can be fairly simple and low risk in nature should 
not necessarily encourage you to consider this activity as 
the main thrust of your COMMO plan. This approach is 
the communications medium of criminals, terrorists, and 
other underworld types who often play a serious game of 
cat and mouse with a very aggressive opposition. And 
they get compromised and caught all the time. The nature 
of their activity is generally much more serious than the 
act of ripping off the phone company in the process of 
conducting their operations. It is important to keep the 
risk relevant to the rewards of your mission. 

Even if you are conducting a minor operation and 
employ telephone service theft as an integral part of 
your COMMO plan, you can face stiff criminal penal- 
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ties. As of May 1991, the maximum sentence for convic- 
tion of communications theft or fraud in the United 
States was fifteen years in prison and a fine of $50,000 
for each conviction. This is a federal crime in the United 
States, and the telecommunications industry has a well- 
funded investigative apparatus that will assist federal 
and state law enforcement groups with the identifica- 
tion and apprehension of those individuals intent on 
fraudulent use of its systems. 
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@ CONCLUSION 


This book could easily have been double its size and 
still not provided every available means of covert com- 
munications. Your specific technical needs, of course, 
could not be predicted completely, so the simplest, 
cheapest, and fastest means of communications were 
selected for inclusion. Use imagination and creativity to 
operate and communicate secretly, and consider the tech- 
niques outlined in this manual only as an introduction to 
the methods available to you. 

There is a significant risk in using almost all of the 
tactics outlined in this book, and most could easily com- 
promise your operation should you decide to accept the 
risks involved. This decision should not be made lightly. 

Regardless of your motives for interest in this tech- 
nology, it is important to bear in mind that many other 
people will also study this book in detail. Proceed with 
the knowledge that there are no secrets here that your 
opposition cannot gain access to. 

Use these techniques at your own risk, and share your 
intentions and knowledge with no one. Underground 
communications demand that the conduct and the con- 
tent be protected diligently. 

If your intentions are honorable and your activities 
focused on empowering the weak or oppressed, it is 
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hoped that this book has provided you with some insight. 
On the other hand, should you wish to commit criminal 
acts or hurt people, there are a lot of clever and diligent 
folks out there who will catch up with you eventually. 

Knowledge is power, but it is not a license to abuse 
power. Don’t get so confident that you believe you are 
capable of operating covertly at the expense of humanity. 
Using the techniques outlined in this book for abuse of 
power may cause things to get quite unpleasant for you 
and your team. Breaking and/or bending the rules to 
make things better for your fellow man is looked upon 
and handled much differently than using the same tech- 
niques to create some sociopathic enterprise bent on 
greed or psychotic hate. 

Use these techniques with caution, and don’t make 
any foolish mistakes. Have fun, and for God’s sake, don’t 
make a mess. 
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INTRODUCTION 


Undercover operations and their obvious relation 
to the techniques of espionage, have acquired a 
mystique and image of glamour that overshadows 
how truly grimy they often are, and the abuses that 
can result from them. In reality, an undercover 
operation is a tool, morally neutral, and it’s the 
people using the tool who make it worthwhile or 
sleazy. This volume will clear up the misconceptions 
and attempt to relate how the different facets of 
undercover operations fit together. 


Undercover work of all sorts is, by its very nature, 
hidden from the public eye. This secrecy often serves 
the purpose of a “license to kill," a way of 
implementing immoral and illegal acts without 
discovery or blame. There's no way of finding out the 
proportion of undercover work that serves such 
Negative purposes. Apart from a very few 
practitioners of the art who write their 
autobiographies at the ends of their careers, 
undercover agents and their employers keep silent. 
Obviously, those who have crossed the line into 
illegal acts have very good reasons for not speaking 
out. The authors of the autobiographies who have 
disclosed their stories are, understandably, 
describing only the deeds which will bring them 
credit. Selective memory helps them to “forget” any 
illegal or questionable investigations in which they 
took part. 


There are a few textbooks on undercover 
operations, dealing with the people and the 
techniques. These are helpful, but don't begin to give 
an idea of the proportion of illegal acts committed 
undercover. Some have veiled references, showing 
that these practices exist, and some contain 
warnings against committing illegal acts. 

A lot of information regarding undercover work 
comes by word-of-mouth. Every investigator has his 
list of informers, and also his little repertoire of 
tricks and secrets. Some of the investigative 
techniques would be compromised if they were 
common knowledge, and others are illegal, which is 
an even better reason for not documenting them. 

Contrary to popular impressions, much 
undercover work is inefficient and wasteful, and 
doesn't produce the needed results. This is one 
aspect that most textbooks don't admit directly. 
Their authors, investigators themselves, don't want 
to admit publicly that they spin their wheels so 
much of the time. 

What, then, can the reader gain from this book? 

First, an understanding of the basic concepts and 
techniques, both legal and illegal. 

Second, an estimate of his own vulnerability to 
undercover work. Many people who feel they lead 
honest lives, and therefore have nothing to hide, will 
be surprised to find there is a corps of undercover 
investigators who specialize in entrapping people 
and in “planting” evidence. This need not be in 
connection with criminal or political cases. 
Undercover work is common in labor-management 
conflicts, and unethical and ambitious people use 
some of these techniques for personal advancement 
by compromising rivals in the corporate setting. 

Third, a grounding in the techniques of security 
and self-protection. 


Fourth, insight into what to expect from 
undercover work. The reader may have need for it 
some day, and may be misled into hiring an 
expensive but ineffective “agency” for this. The 
agency, if run dishonestly, will try to extract as much 
money as possible from the customer, needlessly 
spinning the project out to earn higher fees. 
Providing “intelligence” that is spurious or alarming 
is one way to do this, and it’s practiced by both 
private and government agents. 

Finally, the reader will learn how to mount an 
undercover operation of his own, if the need arises. 
He'll learn how to recruit agents, run them, manage 
them to gain information and evidence. and how to 
avoid some of the pitfalls of undercover work. What 
he lacks in experience, he'll make up in enthusiasm 
and care, because he'll have the most to gain and the 
most to lose. 

It's a dirty world out there, and the first step to self- 
protection is to know the defensive tactics, and in 
severe cases, how to strike back. This book will 
provide an excellent beginning for both. 


THE UNDERCOVER WORLD 


There's a remarkable resemblance between 
international espionage and undercover work by 
police and private agencies, but here we will 
concentrate mainly on civilian undercover work. 
There are several purposes for undercover work as 
practiced by police and private parties: 

(1) To gain information about criminal activities. 
Often, information is enough for the immediate 
Purpose, because it provides leads for further 
investigation. An example is discovering where a 
narcotics dealer keeps his “stash.” With this 
information, a police investigator can obtain a 
search warrant to seize the evidence. 

(2) To gather evidence about criminal activities. 
This is a more demanding task, as the evidence must 
hold up in court and the undercover agent must not 
taint it by any illegal practice if his testimony will be 
required. 

(3) Industrial espionage. This is common practice, 
much more than the public knows. Since it’s a 
clandestine activity, it doesn't appear in the media 
unless there's discovery of an agent, and even then it 
may be handled by other means. “Turning” and 
“playing back” may be more advisable than 
prosecution. 


(4) Labor-management disputes. Both unions 
and management use spies, sometimes clumsily and 
quite openly, but mostly undercover. 

(5) Private investigations. To expose employee 
disloyalty or dishonesty. This can overlap with 
industrial espionage, as some industrial spy-masters 
attempt to recruit employees who can be persuaded 
to deliver information. 

(6) To entrap. This is a no-no, but in fact the 
difference between roping and entrapment is often 
only the agent's testimony, and in court, the jury's 
likely to disbelieve the accused, especially if he has a 
criminal record. 

There's also a remarkable similarity between 
private and police methods of undercover 
operations. This is because in undercover work, the 
police can't use their full authority: seeking search 
warrants, deploying SWAT teams, and other obvious 
measures. Undercover work is done by stealth, not by 
force, and it requires a delicate touch. Basically, the 
police have to follow the same methods as private 
investigators, since flashing a badge would give away 
the operation. 


Sources 


1. Undercover Investigation, J. Kirk Barefoot, 
Springfield, IL, Charles C. Thomas, Publisher, 1975, 
p. 22. 


GETTING DOWN TO CASES 


A look at two undercover operations, one run bya 
police agency and one a strictly unofficial one run by 
private parties, will show how the nuts and bolts of 
undercover work relate to real life. This examination 
will also reveal the uncertainties involved in the 
secret world, and how what seems to be often doesn't 
correspond to what really is. 


Operation Red-Hot Poker 


This was an undercover operation against 
prostitution, run by a local police agency. It was 
under the direction of the detective division, but the 
operation required so much man-power that it drew 
in people from other divisions. 


There were, in this city, a number of houses of 
prostitution operating under the guise of “massage 
parlors,” “escort services,” and “sex therapy clinics.” 
Unlike the streetwalkers, these operations were not 
out in the open. They were strictly indoor operations, 
and the prostitutes tried to keep low profiles. 

They advertised in sex-oriented newspapers to 
attract clients. Building a case against them 
required some undercover and collateral work by the 
detectives. 


The most vital evidence was to be an undercover 
officer who would be able to testify that the girl made 
an offer of sex for pay to him. Corroborating evidence 
was to be rental agreements, showing in whose name 
the premises were, and telephone company records, 
showing which numbers were dialed and to whom 
they were billed. The detectives obtained some of this 
evidence by trash surveys, rummaging through the 
trash to find the supporting material. 

The trash details were conducted at night by 
detectives and other officers who first established 
the trash pick-up days, then went into the alleys and 
yards the night before, when presumably the 
dumpsters would be fullest. The collateral evidence 
collected included condoms, discarded dildoes and 
other sex toys, telephone bills, notes on clients, 
appointment books, jars and tubes of sexual 
lubricants, and other items which served to provide 
information or evidence. 

While possession and use of sex toys, lubricants, 
and the like are not in themselves illegal, the volume 
gathered served to build up a picture of a systematic 
operation on the premises. Finding fifty used 
condoms in the trash of an apartment supposedly 
housing one married couple suggests there is more 
going on than the customary sex relations, no matter 
how sexually active the couple might be. 

The vital evidential component, however, remained 
the offer of sex for pay, or solicitation. For this 
undercover officers were essential. 


The cover required was hasty and superficial, the 
only “must” being that they not appear to be police 
agents. The detectives chosen for these roles had to 
pass as ordinary citizens, with physical appearances 
not suggesting the police. 

There's a certain physical type that police seem to 
prefer. This is the young, healthy, clean-cut athletic 


type, and this image would serve as a give-away. The 
detectives in the undercover unit mostly did not fit 
this pattern, tending to be sloppy, overweight, and 
over-age. They did seem plausible clients for these 
services. 

There were some complications. One of the 
requirements of building a case was that the offer 
had to come from the prostitute, to avoid any 
suggestion of entrapment. The undercover officer 
would have to telephone the number listed in the 
newspaper ad and request “service.” The prostitute 
would not discuss sex acts or prices on the phone, 
and required a personal meeting. This met the 
officer's need, because to have a case he had to 
identify the voice with the prostitute, difficult to do 
without a face-to-face meeting. 


At the meeting, the officer had to let the prostitute 
mention the price. He could, under the guidelines 
laid down by the public defender's office, tell the 
prostitute exactly what he wanted, but could not 
himself suggest that she do it for pay, to avoid any 
taint of entrapment. Once the officer got the offer, he 
would have to leave. This was because the policy 
clearly stated that the officers could not actually 
engage in sex acts. 

Statute and case law limit an officer's involvement 
in a crime. Excessive participation can constitute 
entrapment. This is a murky subject, and many 
agencies “play it safe” to avoid crossing the thin line 
and compromising the case. 

There's also a personal element in vice operations. 
In sex investigations, it can intrude significantly, 
because many of the officers are married. If they were 
to tell their wives what their jobs entailed, and if it 
required having sex with the prostitutes, some of the 
wives would surely object, protesting that their 
husbands were getting to like their jobs too much. 
Normally, some wives do object to their husbands’ 


assignments to vice, because they have dark 
suspicions regarding what the work involves. 

We see the same problem in_ narcotics 
investigations, which involve a lot of undercover 
work. The undercover agent may make a “buy,” but 
requiring him to become an addict is simply asking 
too much. 

This points up some of the limitations in 
undercover work, and shows why it’s often easier to 
“turn” someone who is already criminally involved 
than to have an officer assume the role. 


In “Operation Red-Hot Poker,” it was required that 
two officers separately work each house of 
prostitution, in order to have mutually supporting 
evidence for the search warrant affidavits. This 
brought up another problem. The officers had to 
make up excuses to leave. Some of them claimed 
attacks of conscience, and a reluctance to cheat on 
their wives. Others claimed a last-minute fear of 
venereal disease. All of these excuses seemed 
plausible, but the intense investigation formed a 
pattern, and the detectives were concerned that the 
sudden increase in “dry runs” would arouse the 
suspicion of the prostitutes. 

There was a way around this. Although the officers 
were enjoined from going through the sex act with 
their targets, there was no rule applying to civilian 
volunteers. Accordingly, some were recruited and 
provided with the money to pay, and instructed to go 
through with sex with the girls. 

Once all the evidence was in hand, the detectives 
made out affidavits for the search warrants, and 
raided the premises, scooping up the prostitutes, 
their sex toys, lubricants, and pornographic 
magazines, and most importantly, their “John files,” 
or “trick lists.” The fact that the trick lists had been 
seized was widely publicized, although the lists 
themselves were not published. This was a collateral 


effort to deter potential clients through the 
knowledge that if they patronized prostitutes, their 
identities would be on file and open to seizure by the 
police. 

At least, this was the assumption under which the 
police supposedly labored. This was naive. It’s hard 
to imagine anyone giving his real name to a 
prostitute. Possibly some did, but it’s more likely that 
they gave assumed names, and even identities taken 
from the telephone directory. There was no wholesale 
prosecution of clients in the aftermath of the 
operation, which suggests very strongly that most of 
the names were fictitous. 

Let's move on to another case, which was much 
more complicated because it was entirely unofficial, 
and thus was not subject to any legal restrictions. 


Operation Union 


In one workplace, the employees were intensely 
dissatisfied with working conditions, and one of 
them solicited the representation of a labor union. 
The local's president came to the shop, and visited 
the employees at home, to ask them to sign National 
Labor Relations Board cards requesting a 
certification election. This election would be to 
determine if a union would represent them in 
collective bargaining. The following is a first-person 
account by one of the employees who became a 
central figure in the action. It’s unedited, to give the 
full flavor of the case: 
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When Mel, the union president, came around, I 
was lukewarm to the idea. I thought that a union 
might not be able to do much for us, and that a lot of 
it would be wasted effort We had a good 
production manager who was doing his best for us. 
Still, signed up because I thought it might be worth 
trying. Lfound out that this turned into a really dirty 
and nasty fight, and resulted in a disaster for 
almost everybody in the shop. 

First, the union did manage to sign up the 
majority needed to hold an election. The company 
executives then tried to sweet-talk us into sticking 
with the company and rejecting the union. They 
were very nice to us, took us out to breakfast, gave 
nice speeches, and generally sucked up to us. We 
found out, though, that behind those words was a 
lot of hate and resentment. 


One thing that they did was use spies. These 
were their ass-kissers. These people kept their ears 
open to find out who was pro-union, and reported 
back to the bosses. They attended union meetings, 
to see who else was there. The union president told 
me he knew every company had spies, and the 
company president got a report on each meeting as 
soon as it was over. 

We both knew this was illegal, but knowing it 
and proving it are two different things. The union 
president felt he couldn't do a thing. Also, he was 
against violence, as I was, and didn't approve of 
actions such as slashing their tires. I knew some 
unions did things like this, and they got what they 
wanted, and in a way regretted that we were so 
clean. Maybe it was all for the best, but in the 
following months I had a lot of reason to doubt this 
kid-glove policy. 

A little before this happened, Johnny Patrick 
came to work there. He was a nice little guy, 
always ready with a smile, and a very friendly 
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manner. He said he'd been a Marine in Vietnam, 
and that he'd done some “soldier of fortune” work 
since. I found him interesting, and we became 
JSriends. When the union thing came up, we wound 
up on opposite sides of the fence, but we didn't let 
this ruin our friendship. He was a solid company 
man, and didn't pretend to be otherwise. Still, we 
went out drinking together, and did some crazy 
things. 

I wondered about him, though. Though we were 
on opposite sides, I never tried to pump him about 
the other side, even though I knew he was in solid 
with management. I suspected that he kept up his 
JSriendship with me because he thought he might 
influence me, or pump me. He really did try to get 
me to change my mind a couple of times, while we 
were drinking. 

Because the ass-kissers always came to union 
meetings, those of us who were most for the union 
formed a core group. We met informally, between 
the open meetings, because we had things to 
discuss that we didn’t want reported back to the 
bosses by the spies. 

What brought me out solidly on the side of the 
union was a comic book the company artist drew 
against the union. When I saw that, I hit the roof. It 
was an insult to our intelligence that the 
management felt they had to produce propaganda 
in comic-book form to convince us. From that point 
on, I was a union man, 100%. 

Bit by bit, we did our work among the people who 
were still lukewarm. As it went, it was very close. A 
lot of people were afraid for their jobs, because 
rumors were going around that everybody 
connected with the union would be fired, or that the 
owners would sell the company if the union won. 

The union won by one vote. During the election, 
the NLRB had appointed three people from the 


12 


company side and three from the union to sit as 
observers. I was one of the observers. I saw a 
woman, who'd been pro-company and_ yet 
attended union meetings, taking notes. Under the 
rules, a copy of which I had, it’s illegal to record 
who votes in a certification election. I asked the 
NLRB representative, who was conducting the 
election, if the rules meant what they said. She 
answered yes, and I asked the woman to show us 
what she was writing down. She brought the paper 
up to me, and it was a list of people who'd voted so 
Jar. I showed this to the NLRB rep, and that was the 
end of it. 


After the votes were counted, I saw a funny thing. 
Johnny Patrick went up to the company president 
in the lobby and said to him: “You'll have my 
resignation on your desk Monday morning.” I 
thought that was odd, and had my suspicions why 
he said that. I was never able to prove it, though. I 
never asked Johnny, because I felt he'd never give 
me a straight answer, anyway. 

One month later, the owners sold the company. 
The union had to negotiate a contract with the new 
owners, and just setting up meetings took a lot of 
time. I'd been shop steward, and then we had an 
election for shop steward, and another guy won. 

The new owners also had another company in 
the same line of work, and they decided to combine 
the two. We realized this would make the union 
members outnumbered, and weaken our position. 
This was a worry, because we were starting to 
suspect the new owners would not negotiate in 
good faith, no matter what the law said. It looked 
as if they were stonewalling the negotiations 
already. 

Shortly after taking over, they started layoffs. One 
day, they laid off a whole shift, which by 
coincidence was the shift that was all union men, 
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and we thought that was dirty pool. One of the 
people laid off was the shop steward, and the 
president of the union appointed me again. 


It was about this time I thought we'd better get 
some solid information about the new owners’ 
intentions. I felt my responsibility as shop steward 
very heavily, and thought I'd better try to do what I 
could. I decided to do a little spying, without telling 
anyone, not even the union president. 

Ihad some friends in the front office, closer to the 
executive suite than I was. I decided I would try to 
get some information from them. One of them was 
the comptroller, a very decent guy who had no 
respect for the new management because one of the 
people they'd laid off, the production manager, was 
a good friend of his. 

I arranged to meet him after hours. I paid for the 
drinks and supper, and told him right out that I 
needed information. He was glad to help out. He 
told me the new owners had no intention of signing 
a contract with the union, and intended to delay it 
as long as they could, meanwhile finding one 
reason or another to lay people off. and also wait 
Jor others to quit, so that in a year they could holda 
decertification election with the NLRB and win. 
They already had the votes by bringing in their 
employees from the other plant. 

We met several times, always after work, and 
always at a place far enough from the shop that 
nobody would see us together, except by very bad 
luck. We watched to see if we were being followed, 
but never saw anything suspicious. We both knew 
he was laying his job on the line by providing me 
with information, and I wanted to protect him. The 
union hadn't protected many people so far, and I 
didn't want to make it worse. 


14 


I promised him I would keep his identity secret, 
because I felt I owed it to him, and I kept that 
promise, even though it cost me later. 

I wanted as much information as I could get, just 
to make sure. Another guy I tapped was in the sales 
department, a youngster who was very decent, and 
resented what was going on, even though it didn't 
affect him personally. I met with him after work, 
and he told me basically the same thing. 

A third guy I tapped was a sales manager. He 
confirmed what the others said. None of these guys 
knew I was asking the others. I felt that if these 
people were risking their jobs, I should do my best 
to protect them by keeping their involvement secret, 
even from each other. I could never be sure that one 
wasn't a company fink. I also wanted each to think 
he was alone in feeding me information, in case he 
was trying to tell me a story. 

What impressed me was that all three agreed, 
independently. Once I had the picture, I went to the 
union president. 

This was a disaster. He just wouldn't take me 
seriously. I couldn't tell him exactly who my 
sources were, and I felt this weakened my case. 
Later, I realized maybe he was holding my 
Jriendship with Johnny Patrick against me, as 
everyone knew that Johnny was a 100% company 
man. Maybe it was simply guilt by association, and 
nobody trusted me anymore. 

Looking back, I know my information was right, 
although it might not have looked solid at the.time. 
The union never got a contract, and some months 
after that even the solid union people gave up hope 
and started leaving. I left around that time. A year 
later the company folded. 
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Looking at these two case histories, we can see 
some similarities and some significant differences. 

In both instances, there was a need to preserve 
secrecy. The police didn’t want to blow the operation, 
and the shop steward wanted to protect his sources. 
With the police, the undercover roles had only to last 
a few minutes, long enough to obtain a solicitation 
from the prostitutes. In and out. In the second case, 
it was necessary to preserve secrecy for much longer, 
and for two reasons: to maintain the sources, and to 
protect them from reprisals by management. If 
they'd been fired, they would no longer have been 
able to report information. Personally, they would 
have suffered the consequences of what 
management would have considered betrayal. This 
might well have followed them through their careers, 
poisoning their references. 

In both instances, meeting places were apart from 
the target premises. The detectives met with their 
undercover men out in the field, or at the office, 
without risking compromising them. The shop 
steward had to be very careful in arranging 
meetings. He made sure that he wasn't tailed when 
he went to a meeting, and never saw any indication 
of a tail. This isn't surprising, because the issue 
simply didn't justify that level of effort from 
management. 

The police had the law on their side, and could 
make it stick, if they followed the proper procedures. 
Although the police complain vehemently about 
being hamstrung by legal technicalities, they can get 
search warrants, and they can bring a case to court. 

Both the company and union were operating 
without the sanction of law. The law as it's written 
and as it's enforced are not necessarily the same 
thing. The shop steward had no power to obtain a 
search warrant or any of the advantages the police 
have. He had to do it all totally undercover and alone. 


16 


The police have expense accounts. The shop 
steward had to pay expenses himself. While the 
police prefer not to pay undercover people and 
informers, the shop steward had no choice. He could 
only afford dinners and drinks. He was forced to run 
a shoestring operation, but this turned out to be no 
handicap. 


The shop steward got good information because 
he had high-grade agents in place. Johnny Patrick 
might have been a paid company undercover man, 
but if he was, he blew it, because he was too talkative. 
The company might have infiltrated undercover 
agents that remained undetected, but there's no way 
of knowing that now. 


The police worked two undercover men for each 
operation they raided, and the shop steward didn't 
rely on just one source. He had three, and part of his 
reason for keeping their identities and existence 
secret was to be able to cross-check, in case one of 
them slipped him some bad information. This isn’t 
necessarily distrust; it’s just a normal security 
procedure, very much like a spare tire. 


His three agents had one thing in common: 
attitude. Although not one was strongly pro-union, 
all despised management. They were ideological 
informers, the best kind. 

Another significant aspect was that neither the 
police nor the shop steward used deep penetration 
agents. For the police, superficial cover was enough. 
For the shop steward, his agents were already there, 
with their jobs as legitimate cover. Thus we can't 
consider either of these operations intense 
undercover work, with the laborious building of false 
identities and cover stories. 

Throughout both operations, there was little risk 
of violence as a result of the intelligence-gathering. 
Prostitutes normally don't offer armed resistance to 
arrest, and this union had a history of non-violence. 
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Although there are other unions that do practice 
violence as a matter of normal procedure, and 
informers may wind up floating face-down in the 
river, no violence occurred in this case. There were 
no detectable uses of agent-provocaters in the union 
case history, although this had happened in other 
companies. 

There was also no entrapment in the case of 
“Operation Red-Hot Poker,” and the reason is not 
hard to understand. Entrapment is often a part of 
undercover law enforcement,, with police officers 
offering perjured testimony in court, but in this case 
it wasn't used because it wasn't necessary. The 
prostitution operations were real, and there was no 
need to “frame” the arrestees. 

Finally, we come to the use of undercover 
information. The police, well-organized and 
experienced at making cases, had a 100% success 
rate, and obtained convictions or guilty pleas from all 
the people arrested. 


The union undercover effort, although skillfully 
managed with far fewer resources, produced 
accurate information but failed in the last step: 
utilization. The person to whom the information was 
most important, and who had the power to do 
something with it, brushed it aside for reasons that 
are still not clear. 

These two case histories have covered undercover 
work as it really is, not textbook examples. They've 
shown the problems and pitfalls that impede 
success, what went wrong and what went right. 

There are three steps in the handling of 
information: Procuring information, Evaluating it, 
and Disseminating the information. 

The exact means differ somewhat from case to 
case. In the case of the police, the undercover agents 
played somewhat different roles, their information 
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was straightforward and resulted in search warrant 
affidavits. 

In the case of the union, the acquisition of the 
information took much longer, the evaluation was 
more delicate, and proper utilization was more 
involved than presenting an affidavit to a judge. 

We can see that undercover work, like any 
information-gathering, is one link in a chain. The 
chain must be intact to serve the purpose. One 
broken or weak link nullifies the whole effort. This is 
the principle of grand strategy that rules the game. 


Sources 


1. ‘Undercover Investigation, J. Kirk Barefoot, 
Springfield, IL, Charles C. Thomas, Publishers, 1975, 
p. 70. 
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GLOSSARY 


Between inaccurate factual accounts, and 
romanticized fictional ones, there’s been much 
confusion over undercover methods and 
terminology. It will help if we start by defining some 
of the terms. Many relate both to undercover work 
and espionage, and some are emotionally loaded. 
We'll find that many of the terms are synonymous, 
and that others overlap. We'll also see that people use 
one term if they approve of the activity, and another 
if they don't. A basic glossary of undercover work and 
espionage follows: 


AGENT. Anyone who serves a secret purpose. This is 
a very broad term, and an agent may be a spy, traitor, 
dupe or another type. 


AGENT-IN-PLACE. This is an agent who is already in 
the target group. He may be a citizen of another 
country, a member of a criminal gang, or an 
employee or union member. An agent in place is 
extremely desirable, because there's no need to build 
up a cover for him and to take the laborious and 
sometimes dangerous steps needed to infiltrate him. 
He already has his cover, and it's 100% legitimate. 
His job is to provide information, while staying in his 
position. He has to be careful not to risk exposure, 
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and there are several methods to reduce the risk, 
such as using “cut-outs” and “dead drops.” 


AGENT-PROVOCATEUR. This term comes from the 
French, and today it's often spelled “agent- 
provocater,” an English adaptation. The agent- 
provocater's job is to entrap, to “set up” people, by 
inciting them to commit a compromising act or one 
for which they can be prosecuted. 

A repressive government may try to eliminate an 
opposition party by prosecuting its members for 
overt criminal activities, such as attempting an 
assassination. The Director of the secret police may 
infiltrate an agent to incite such an attempt and to 
inform him when it's about to take place, so he can 
arrest the conspirators and discredit the group. 

An agent-provocater may be used as a “loyalty 
test,” an attempt to induce people normally not 
under suspicion to make disloyal statements. This 
happens both with governments and in corpor- 
ations. 


A businessman, resenting the presence of a union, 
may send in an agent to incite union members into 
something illegal, such as a sit-down strike, violent 
demonstration, or other action which enables the 
company to get a court order and the assistance of 
the police. 


BACKGROUND CHECK. This is sometimes called 
“vetting,” and means investigation of a person's 
background as a preliminary to employment or 
granting a_ security clearance. This means 
interviewing the candidate's friends, former 
employers and associates, to verify his identity, 
reliability, and political sympathies. In police 
practice, a background check also covers criminal 
records. In private corporate practices, it may also 
mean checking on possible union affiliations, 
although this is illegal. 
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BACKSTOPPING. One of the essentials for deep 
cover. False documents can provide superficial 
protection, but they're vulnerable to a background 
check, and even a casual investigation. A driver's 
license, no matter how carefully forged, won't survive 
a check with the motor vehicle office when it turns 
out there is no such person on file. Similarly, a forged 
diploma has no school records to back it up. 

Backstopping can be quite elaborate, and can 
require the cooperation of many persons and the 
insertion of corroborating data into many records. 
This is relatively easy in one’s own country, or one’s 
own company, where cooperation is relatively easy to 
obtain. It's almost impossible in a foreign country, 
where there isn't easy access to records. 


BLOW. To expose an agent or secret operation, 
inadvertently, through carelessness or accident. 


BURN. To expose an agent or secret operation 
purposely, or by serious negligence. A police officer 
who “burns” an informant generally makes it 
difficult for any other prospect to trust him, 
especially because burning a source can result in 
serious violence to that source. 


CONTACT. The agent's contact may also be known 
as his “control.” He services the agent, gives him 
instructions, money and other supplies, and receives 
information from him. This may be by personal 
meeting or other means. 


COUNTER-ESPIONAGE. An effort to counter 
another party's espionage. This can include 
penetrating the opposition’s intelligence agency, 
“turning” his discovered agents, and “playing them 
back.” 
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COUNTER-INTELLIGENCE. An effort to deny 
another party's gathering intelligence. This can be 
through security measures, such as need-to-know, 
physical safeguarding of documents, or physical 
barriers such as fences and locks. 


CUT-OUT. Similar to a contact. This is to protect the 
spy-master, or resident, in case the agent becomes 
compromised and subject to coercion by the 
opposition. The spymaster often uses a contact or 
cut-out to service the agent. The cut-out has only the 
information he needs to do his job, which limits the 
damage if he's caught and made to talk. 


COURIER. This person transmits messages and 
information. He may, in the case of a verbal message, 
know the information, but in the case of a coded or 
written message may not. He differs from the 
“contact” because he has no authority over the 
agent. Like the “cut-out,” he knows only what he 
needs to do his job. 


COVER. This is the fictional background that a spy 
or undercover agent obtains to explain his presence. 
It can be very elaborate, such as when it’s necessary 
to send an agent into a foreign country and provide 
him with the language skills and paperwork to 
enable him to pass as a citizen of that country. A 
police officer may build up a “cover,” including false 
drivers license and other ID, to enable him to pass as 
someone else in order to infiltrate a criminal gang. A 
lower level of cover is necessary when a company 
hires an agent to join the work force to discover 
employee theft. Then, it's merely necessary to develop 
a skill in the work, and to pass as a member of the 
community. This can involve false ID, but often it 
isn't necessary. In some cases, the cover is very thin, 
or even unnecessary, aS when a member of a 


criminal gang or an employee is recruited to serve as 
an agent. Then, it’s only necessary to hide his 
connection with the police. This is an “agent-in- 
place.” 

COVERT. Secret and under cover. A “covert agent” is 
a secret agent. A “covert resident” is one who 
disguises his true function, and who may not be in 
the same country or the same company. A “covert 
source” is a clandestine source, such as a spy, a 
stolen document, or a code-breaking operation. 
Antonym of the term “Overt.” 


DEAD DROP. A place to leave messages, information, 
or supplies, This is usually an inconspicuous spot, a 
hiding place where it's safe to leave material without 
risk of discovery. The purpose is to avoid contact 
between the two parties, so that one may not be 
coerced into identifying the other if caught. 


DEEP COVER. A total suppression of true identity 
and assumption of a false one. Used most often in 
international espionage. 


DEFECTOR. Someone who openly leaves the target 
group, bringing with him information. A defector is 
valuable for political propaganda, and_ the 
information he brings with him may be quite 
valuable, but once he defects, he has no further 
access to information. This is why spymasters 
usually prefer an agent in place, who may keep 
feeding them information for years. This type is 
called a “defector-in-place.” 

Once a defector has come across, he can expect an 
intense “debriefing,” to extract from him as much 
information as possible while his memory is still 
fresh and before the information is out of date. The 
effects of a defection can be severe for the side from 
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which he defected, including a tightening up of 
security, organizational and procedura! changes to 
nullify the information passed, and even arrests and 
executions. 

The defector serves a propaganda purpose, if he’s 
at all political. A citizen of another country, or a 
member of an opposition party, can come out in the 
open and renounce his past affiliation. He can state 
his reasons for so doing, claiming the leaders of the 
@roup are tyrannical and immoral, and otherwise 
defame them. What he doesn't say is as important as 
his public statements. He may have some less 
honorable motives for defecting, such as being in 
trouble with the leaders, or he may be defecting for 
money and the promise of a good life. 


DEFECTOR-IN-PLACE. A synonym for an “agent-in- 
place.” The defector changes loyalty, but remains 
where he is to pass information. A difference is that 
the defector changed out of ideology, while the agent 
may have other motives for serving, such as money 
or an effort to avoid prosecution. A member of a theft 
ring who is caught by the police can be “turned” into 
an agent-in-place, providing information that he 
would not normally furnish. 


DOUBLE AGENT. One who pretends to work for one 
side while really working for the other. A double 
' agent can come about because he's been caught and 
“turned,” and finds the prospect of betraying his 
former loyalty more attractive than the 
consequences if he doesn't. He can also start out asa 
double agent, seeking to penetrate the opposition's 
espionage agency while reporting back to his 
original employer. This can work in a variety of 
situations. A well-organized gang can, for example, 
adopt this practice when an agent or informer is 
discovered. The reasoning is that if they eliminate 
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the agent, another agent will take his place sooner or 
later. The next agent may be harder to discover, and 
the safe course is to nurse the discovered agent 
along, feeding him false information or even actively 
recruiting him as a double agent. 


ESPIONAGE. This word, from the French, means 
gathering information by means of spies. The 
meaning has expanded somewhat in recent years to 
take in other means such as_ electronic 
eavesdropping. 


ENTRAPMENT. Provoking another to commit a 
crime. This is what an agent-provocater does. The 
agent becomes not only a willing participant in an 
illegal act, but he incites it. This is illegal in this 
country, although not in some others. 


FREEDOM FIGHTER. An emotionally positive term 
for anyone who uses violence. See “Terrorist.” 


INFILTRATOR. See “Penetration agent.” 


INFORMANT. This is a person, uninvolved with a 
crime except as a witness, who provides information 
to the police. An informant is not, in principle, a 
secret informant. As a bystander, he can openly 
provide a description of a criminal, and later serve as 
a witness in a trial. 


INFORMER. An undercover agent in place, who 
provides information for pay or other motives. Police 
use “informers” a lot, and these informers are 
usually criminals themselves. They may inform for 
pay, or to get a “deal” from the police if they've been 
caught in a crime. An “informer” always works in 
secret. 
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This is because he must retain the confidence of 
the people on whom he’s informing, and because of 
the danger of retaliation. A criminal gang sometimes 
kills a “squealer.” In any case, exposing the 
informer's connections will “blow” him and end his 
usefulness. Police often use this term inter- 
changeably with “informant.” 


INTELLIGENCE. This is a fancy term for 
information, gathered from open or secret sources. 
Today, most intelligence comes from open sources. 
It’s unfortunate that the English language uses the 
word “intelligence” as a synonym for “information,” 
because it carries a connotation of intellectual 
brilliance, whereas this is often not the case. Other 
languages are more straightforward. In German, the 
term is nachrichten, or information. In French, it's 
renseignement, again meaning information. This 
term leads to other abuses. We hear of “intelligence 
sources,” which can be anything from a newspaper 
account to an informer, and there’s a danger in 
accepting such information uncritically, because it 
can be wrong, depending on the quality of the source 
and the interpretation of the person controlling the 
source. 


LEAK. A disclosure of information, for political or 
criminal purposes. It can be a purposeful leak, as 
when a politician discloses secret information to 
help get him re-elected, or it can be otherwise, as 
when an agent takes it. Security measures are aimed 
at minimizing or eliminating leaks as well as 
purposeful espionage. 


LIVE DROP. This is a person whom the agent meets 
to hand over his information. 


MAIL DROP. A form of dead drop, in the sense that 
there’s no contact between the agent and the 
receiver. This may be a commercial mail drop; or the 
address of a private person. It may be a post-office 
box. The purpose is to avoid the agent's knowing the 
address of the spymaster. 


NEED-TO-KNOW. Restricting secret information to 
those who have a legitimate use for it. This 
minimizes the number with access to it, and thus 
reduces the risk of a “leak.” 


OVERT. Above-ground, and not secret. This term 
applies to information gathered from public sources, 
such as newspapers, press releases, and company 
literature. It also applies to personnel who operate 
openly, such as diplomats, police patrolmen and 
detectives, and company guards. 


PENETRATION AGENT. An infiltrator. This type of 
agent is not part of the target group, and it's 
necessary to insinuate him into it. This task can be 
easy, as when hiring an undercover agent to seek out 
dishonest employees, or it can be so difficult as to be 
almost impossible, as in trying to place an agent asa 
member of a foreign country’s secret police. 
Typically, undercover agents are penetration agents, 
outsiders who “penetrate” into the target group. 
When an agent is recruited from within the group, 
he’s known as an “informer” or an “informant.” 


RESIDENT AGENT. This is a term often used for the 
spy-master, the one who controls a network of 
agents. The resident may be out in the open, as when 
he has diplomatic immunity, or when he's the 
“Director of Security” in a company. His being out in 
the open does not necessarily compromise his work. 
He can also be under a sort of cover himself, not 
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announcing his presence yet taking no risks and not 
being above-board regarding his true role. In a 
company, he may have a title such as “Director of 
Research,” “Vice-President in Charge of Special 
Projects,” or another which doesn't disclose his true 
function. 


PLAYING BACK. This is feeding a discovered agent 
false information to mislead his employer. This not 
only neutralizes his effectiveness, but enables an 
active and aggressive operation against the enemy. 


, Playing back goes one step beyond “turning.” A 
, terrorist group that discovers a government agent 


may play him back by feeding him information that 
they're going to carry out a raid at one location, while 
they really plan to hit another. This draws 


‘ government security forces away from the true site 


and leaves it unprotected. It’s also possible to feed 
back information to lead the opposition to believe 
that another one of their informers is unreliable. 
This is a way of neutralizing an informer. Playing 
back a double agent can become very complex. One 
side can use him to cast doubt on the reliability of 
some of the other's personnel, even highly-placed 
ones. The technique is to feed him information that 
data has been obtained which could have come only 


i from the target, which will cause him to come under 


suspicion. Another complication is that the double 


| agent may change loyalties again, making him a 
' triple agent. 


ROPING. Gaining the confidence of the group the 
agent is infiltrating. This requires good cover, 
discretion, and interpersonal skill, as well as acting 
ability. The agent must convince the target group 


; that he’s one of them. There's a thin line between 
» roping and entrapment, and some agents cross it. 
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SECURITY. A part of counter-intelligence. This 
involves passive measures, such as guards and gates. 


SNITCH. A slang term for “Informer.” 


TERRORIST. Someone who uses conspicuous 
violence. This can be an assassination, planting a 
bomb or other form of sabotage, or hijacking an 
aircraft. This is an emotionally loaded term, and 
whether we call a particular person a “terrorist” or a 
“freedom fighter" depends on which side of the 
political fence we stand. 


TURN. To “turn” someone is to force or persuade him 
to change loyalties. 


TWIST. A means of coercion. A police officer who 
offers to drop charges in return for information has 
a “twist” on his informer. An employer who catches 
an employee stealing, and makes him a similar offer 
is using a “twist.” 


VETTING. See “Background check.” 


Sources 


1. Directory of Mail Drops in the United States and 
Canada, Michael Hoy, Port Townsend, WA, 
Loompanics Unlimited, 1985. 
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STARTING UP 


An undercover operation can Start as a private or 
» company effort, or through a private investigation 

agency. Private agencies try, by extreme secrecy, to 
, build up a mystique and give the impression they 
have almost superhuman expertise in clandestine 
work. This impression is false. There's nothing they 
can do that a dedicated and intelligent individual 
can't do for himself. 


. This requires clarification, because many will 
disagree. Private investigative agencies are often 
' ptaffed by retired police officers, who have built up a 
network of contacts in the law enforcement and 
| Criminal worlds. This gives them access to 
information sources denied to most private citizens. 
Aretired policeman can tap his friends still in active 
, Bervice and obtain a person's criminal history, if any. 
This is usually illegal, but it's common practice 
| because it's easy to avoid detection. In the states in 
which access to motor vehicle information is 
restricted to official agencies, a retired cop can 
. Obtain these, too. His network of criminal informers 
| sometimes can be useful in an investigation 
involving a theft ring. 
| These advantages aren't absolute. A private 
individual who's resourceful can work his way 
' around them and obtain the information he needs 
by other means. 


4 . 


ee 


A corporate president, for example, will usually 
avoid hiring an outside agency, because of the 
expense. Instead, he'll hire a “director of security” 
who often is a retired cop, with all the benefits that 
entails. It's also not commonly known that in many 
states, drivers license records and_ vehicle 
registrations are public information. These are 
available to anyone who pays the nominal fees. 

There's an additional advantage that a private 
individual has over the investigative agency. The 
agency is licensed, and under the scrutiny of the 
state licensing board. This limits its realm of action 
somewhat. Among other things, state law usually 
dictates that a private investigator have a clean 
criminal record, as must anyone working for him. 
Circumventing this is a risk, and the licensed 
investigator must be prepared to take a risk if 
employing a criminal is the only choice he has. 

In the real world, unlike the world of public 
relations brochures, the agency's real function is to 
convince the client that it's doing a good job, a better 
one than he could do for himself. Often, the client is 
intimidated because of his unfamiliarity with the 
world of private investigation, and spends more than 
he needs to. 

This is the seamy side of private investigative 
work. The profit motive is often behind some 
unethical practices. One facet is that private 
agencies often try to hire the cheapest help they can, 
and have to settle for the lowest slice of the labor 
pool. This is why so many “rent-a-cops” are poor 
quality. Many of their plain-clothes counterparts are 
no better. While there are retired policemen in the 
field, there are also failed cops, those who didn't 
make the grade for one reason or another, or were 
forced to resign because of questionable or poor 
performance. 

Regarding unethical practices, some employees of 
private agencies will go overboard in their zeal,2 and 
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the result can be quite destructive. To be fair, it's not 

always the agency's exclusive fault. Some clients 

Solicit illegal actions, or try to make the investigator 
_ an inadvertent co-conspirator in a crime. A client 
i, might employ an investigator to tail someone on the 
\ pretext that he suspects him of an illicit liaison with 
Mis wife. Actually, he might be trying to find out his 
4; echedule, to set him up for a “hit.” 

} Infiltrating an undercover agent is a lengthy task, 
‘and requires a lot of patience and money. However, 
‘it's in the agency's interest to spin the case out as 
Jong as possible, in order to collect a bigger fee. 
| These considerations lead to suspicion of any 
‘investigative agency, except one recommended by 
®omeone whose judgement you respect. Otherwise, 
) you might be burned. You might consider doing it 
| yourself. This isn't as shaky an idea as it might seem 
;) at first, because in fact many of the people employed 

by investigative agencies are of such poor quality 

that you can probably recruit better yourself. One 
such agency recruited people who literally walked in 
}. “off the street,” with no qualifications whatever, to be 
“ undercover shoppers. It was a low-grade task, but it's 
possible that some agents might have fudged their 
, Yeports in an effort to score points. 

There's much to recommend a do-it-yourself 
‘operation.; Cost is one factor. This should be 
secondary, but often, with higher executives 
watching the budget, it becomes critical. An in- 
' house agent costs far less. The outside agent collects 
i his agency salary, the agency tacks overhead and a 
H lice margin onto it, and the agent also collects one 
from your company. 

. _ Even the police have their own in-house security. 
, The New York Police Department, for example, has 
the most-publicized program of all. It has an office 
, which, whatever the current name, handles “internal 
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4 affairs.” It recruits police trainees while they're still 
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in the academy, arranging for them to report 
clandestinely to a member of this secret office. The 
police-officer-undercover-agent observes his fellow 
students, and when he graduates, reports on the 
personnel and events at his patrol assignment. The 
office uses these “field associates” to uncover 
evidence of corruption and malfeasance among 
members of the department. 


This measure is necessary because of the closed 
society that makes up the policeman’s world. The 
rule is: “You don't tell on another cop.” This 
conspiracy of silence has honest officers disap- 
proving of corrupt practices, but keeping silent 
about them for fear of being ostracized on the job. To 
overcome this, it's necessary to recruit undercover 
“field associates” before they become indoctrinated 
into the cop's world and its clannish values. 

A similar, but weaker, ethic permeates both white 
and blue-collar workers. Among blue-collar em- 
ployees, there's a strong feeling of “us and them.” 
This leads them to stand together against manage- 
ment, and to turn a blind eye on fellow employees 
who misbehave. This is part of the “unwritten law.” 


Among white-collar employees, there's more of an 
attitude of calculation. The white-collar type is more 
likely to consider whether disclosure of a fellow 
employee's dishonesty will help or hinder his career. 
The dishonest employee might have a friend “higher- 
up,” or may be the visible part of a ring that includes 
some top executives who could hurt the whistle- 
blower. On the other hand, it might pay to score 
some points and establish bonafides, proving 
company loyalty by snitching on someone dishonest. 
It can go either way. 


Many of the largest corporations have their own 


security departments, which handle the guard force, 
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overt investigations, and undercover work. General 
Motors had 4,200 security personnel in 1978, 
according to one source.4 
If you're considering running an undercover 
# operation yourself, you'll find that you have to havea 
* natural flair for it. Someone you hire for this purpose 
| should have similar qualities. The needed skills are, 
‘among others: 
(1) The ability to blend in with almost any group. 
ont w who feels comfortable in dealing with 


ople will have an easier time of it than someone 

ho is awkward. 

(2) A strong stomach. You may see things you don't 
like, but must be able to take them with outward 
calm. 

(3) Acting ability, to be able to play a role. 

(4) A good memory, not only for your cover story, 
but for the names, faces, and facts you'll encounter 
and have to remember. 

(5) The ability to think on your feet. Improvisation 
is sometimes vital to working an undercover 
assignment. 

(6) Alertness. It’s necessary to keep alert to small 
details, as well as grasp the major events. 
~ (7) Finally, the ability to avoid romanticizing the 
task. There's no room for “James Bond" types here. A 
starry-eyed romanticist may not be able to overcome 
the temptation to talk about it, which is extremely 
undesirable. He also may show excessive zeal, try too 
hard, and compromise the whole effort. 
| Formal education isn't vital, unless the 

assignment requires talent for work that entails a 
degree. Common sense is the most important 
quality, because it brings with it the ability to 
improvise. Last but not least, the quality we call 
} “native intelligence” is important. 
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Sources 


1. How To Get Anything On Anybody, Lee Lapin, 
Auburn Wolf Publishing, 584 Castro Street, Suite 
301, San Francisco, CA 94114. Chapter 30, pp. 156- 
176, tells how to obtain public information such as 
driving records and vehicle registrations. Included is 
a list of state offices to contact. This book's a gold 
mine for anyone wanting to get into the field, 
although it dwells heavily on technical means, 
(bugging) and some of the detailed discussions of 
bugging may be tiresome as well as more than you 
need. 


2. Undercover Investigation, J. Kirk Barefoot, 
Springfield, IL, Charles C. Thomas, Publisher, 1975, 
p. 16. Barefoot points out that undercover operators 
do try to entrap innocent people in order to better 
their positions, and that polygraph tests serve to 
discover these. 

3. Ibid., pp. 9-11. Here, we find a good discussion of 
the author's experiences at in-house corporate 
security, and his reasons for preferring such to 
hiring an outside agency. He makes a good case. 
4. The Private Sector, George O'Toole, New York, W. 
W. Norton Company, 1978, p. 42. 
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UNDERCOVER WORK 
AND THE LAW 


If you're a privately employed undercover agent, 
you need a basic knowledge of what you're legally 
| empowered to do. Equally important is knowing 
| what you can't legally do. It would be naive to expect 
that all undercover agents will walk the straight and 
narrow by respecting the law, but at least this 
,, Chapter will give you an understanding of what 
you're facing. 

' What follows is an approximation of the laws in 
most of the 50 states. The emphasis here will be 
“practical,” rather than “legal.” There's a great 
difference between how the law reads, and how it's 
enforced. The main determinant in a civil and 
criminal action is not guilt or innocence, but 
| vulnerability to prosecution. In plain language, some 
cases are harder to prove than others. Some law- 
' breakers cover their tracks better than others. This 
is important to keep in mind because part of your 
| task will be gathering evidence to support 
/ prosecution, and the better the evidence you collect, 
the more successful you'll be. 
| _ All of the following will be in plain language, at a 
slight risk of inaccuracy for the sake of clarity. In any 
' event, you should check any critical point out with a 
lawyer, because the laws do vary from one 
q jurisdiction to another. They also vary from one time 
' to another, as courts issue decisions, and other 
courts reverse them. 
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Investigative Powers 


Generally, a private investigator must conduct his 
investigations without what we call “police powers.” 
A witness is under no obligation to furnish him 
information. The investigator cannot charge a 
witness with “obstructing justice” as a police officer 
can. He cannot obtain a warrant for arrest or search. 
Each state has its code of rules for private 
investigators, and they tend to be one-sided. A 
private investigator is not a cop, purely and simply. 
He must, moreover, report any information 
regarding criminal activity to the police, but they're 
under no obligation to inform him of any matter 
pertaining to a case upon which they're engaged. 


Law of Arrests 


A private agent can only make a “citizen's arrest.” 
This comes from common law and allows any citizen 
who witnesses a crime to arrest the perpetrator. The 
police, on the other hand, can serve an arrest 
warrant. They can arrest on “probable cause,” but 
this is somewhat vague. A private agent cannot do 
either, as a rule. If he doesn't see the crime, he can’t 
make an arrest. Trying to do so exposes him to 
serious legal liability. 


Search and Seizure 


The Law of Search and Seizure is complicated, 
especially for police. There are new court rulings 
almost every day, modifying the rules dealing with 
the circumstances in which they can search a 
suspect and his property. For private investigators, 
it's much simpler. Everything's prohibited, except 
with the consent of the owner. In one sense, this isn't 
a serious limitation, because in industrial cases, 
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management gives consent to search, explicitly or 
implicitly. However, searching employees’ lockers 
even on company premises is another problem, and 
may be forbidden in your state. 

A curious exception to this is that, although your 
} search is illegal, the evidence you turn up is 
admissible. Private agents are not limited by the 
same constitutional safeguards as are official police. 
You're liable for breaking and entering, but you can 

make a case with illegally-obtained evidence.; 


Evidence 


There are several different types of evidence, and 
various laws dealing with the obtaining and 
handling of evidence. 

Direct Evidence is eyewitness testimony or any 
other that proves the claim directly. 

Circumstantial Evidence proves the claim 
indirectly, such as a suspect's having no alibi during 
a questioned period. 

Supporting Evidence doesn’t deal directly with 
guilt or innocence, but supports the claim, as for 
example by demonstrating a motive, or an expressed 
’ desire to commit an illegal act. 

Hearsay is not evidence. A third-party allegation 
that he heard the suspect admit guilt may be a 
useful investigative lead, but is not able to stand up 
in court. 


A Confession can be introduced as evidence in 
many circumstances. This is the reason behind the 
Miranda Warning, in which an arrestee is advised of 
his “rights,” the important one being that he does 
not have to give evidence against himself by 
answering police questions. The Miranda Warning 
does not apply to private agents, only to official 
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police. This is because the constitutional safeguards 
protect only against the government and its agents, 
not against a private citizen.2 

Tainted Evidence is that illegally obtained. 
Although valid, it can be “suppressed,” or thrown out 
of court, because it was obtained illegally. An 
example is a confession obtained through torture. 
Another is wiretap evidence obtained without a 
warrant. This applies mainly to the official police. As 
noted above, private cops have more latitude. 

Physical Evidence is material such as 
fingerprints, tire tracks, etc. It's important to note 
that physical evidence can convict or clear a suspect. 

You'll generally be seeking two types of 
information and material in your work: investigative 
leads, and evidence. Much information and 
evidence available to you simply won't be admissible 
in court. This doesn’t mean you're necessarily 
unethical and taking short-cuts in obtaining 
evidence, but that by its very nature it isn't 
admissible, such as “hearsay.” However, an 
investigative lead can allow you to develop evidence 
that will stand up in court. 

An example is a rumor in the shop that a certain 
employee is taking company property. This isn't 
evidence, but can lead you to watch him carefully, 
and to arrange for surveillance when he leaves the 
workplace. This can turn up admissible evidence. 

Another is a rumor regarding an employee who 
lives above his means. Living well is not a crime in 
any State, but lacking a logical explanation, such as 
inherited wealth or a rich wife, it can focus an 
investigation and lead to gathering evidence. 


Bugging 


Generally, bugging, wiretapping, and any other 
interception of communications are prohibited to 
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private investigators. The Federal Communications 
Act prohibits disclosure of the contents of any 
message, even if overheard accidentally and 
innocently, as in radio traffic. However, this law is 
almost impossible to enforce, for obvious reasons. 
State laws prohibit telephone wiretapping, except on 
a warrant, and judges don't issue warrants to private 
security officers. There is an exception — for 
telephone company investigators. They're allowed to 
tap phones merely on suspicion of a fraud against 
the telephone company. This is in the Omnibus 
Crime Control and Safe Streets Act of 1968. The 
telephone company, with its clout, managed to get 
this imprimatur from the government without 
attracting too much notice. 

Federal law prohibits intercepting mail, except to 
postal inspectors with warrants. Laws against 
breaking and entering limit access to premises in 
placing a “bug,” and some states have laws dealing 
directly with “bugs.” These are easier to enforce 
because a “bug" is physical evidence. 


Labor-Management Problems 


Section 8A-1 of the National Labor Relations Act 
prohibits an employer from coercing or trying to 
unduly influence union activity. While the word 
“spying” is not in the language of the Act, court 
interpretations have held that this is inferred, and 
prohibited. An undercover agent who reports on 
union activity is violating the Act. 

Sometimes, there's an arrangement whereby the 
employer hires an undercover agent to investigate 
what is nominally a criminal case, an accusation of 
theft, but is really a cover for a union investigation. 
This is very hard to prove, and the chances of getting 
away with it are good. 


In real life, employers don't often have to engage 
outside undercover agents to penetrate a union. 
There are enough willing spies in the work force. 
These will take advantage of a union crisis to try to 
score points with the employer by reporting on fellow 
employees. These are amateurs, but there's really no 
need for a professional because the task is simple 
enough. Attending union meetings and striking up 
conversations with other employees to discover their 
sympathies isn’t difficult. Because they've been 
working since before the start of the crisis, company 
spies have a very good view of the events, and already 
know the alignments of their fellow workers. 


Entrapment 


This is the big no-no. Inducing someone to commit 
a crime is illegal. It's important to note what 
constitutes “inducing,” though. Providing the 
opportunity is not inducement, under the law. 
Leaving property unprotected does not allow anyone 
to steal it with impunity. Entrapment involves 
negotiations to persuade someone who otherwise 
would not have committed a crime to do so. To 
defend against a charge of entrapment, it helps if you 
can show that: 

(1) The accused had prior convictions for this 
offense. 

(2) He repeated the act several times. 

(3) He committed the act in front of others, or dealt 
in an illegal transaction with others. 

(4) You did not participate in the crime. 

Experienced undercover operators know how to 
finesse their way around the prohibition regarding 
entrapment. There are ways of subtly suggesting 
that a crime might be worthwhile. The operator 
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' merely has to pick out a likely target and say 
} something like this: “Boy, anybody could make off 
with that if they wanted,” and wait for the reaction. 
This is part of the “roping” technique. 


Conclusion 


There are legal “ins-and-outs” which you must 
know before starting an undercover program. On the 
one hand, you want to avoid becoming liable to 
prosecution. On the other, you may want to develop 
evidence that will enable you to prosecute someone 
else. In this regard, some of the points listed above 
} show the contrast between employing a private 
citizen for your purposes, and hiring an off-duty 
police officer. The officer is limited by certain 
constitutional safeguards that don't restrict the 
private citizen. The officer has certain police powers 
which don't vanish when he goes off-duty. Balancing 
your needs against the situation will help you make 
the right decision. To be doubly sure, consult your 
' lawyer, because the law may be different in your 
locale, and court decisions are constantly changing 
| the interpretations. 


Sources 


‘ 1, The Private Sector, George O'Toole, New York, W. 
} W. Norton Company, 1978, p. 12. 


2. Ibid., p. 12. 


RECRUITING AGENTS 


Recruiting an agent or informer can pose a 
problem. Much depends on the candidate's motive. 
In the case of an employer seeking a trusted 
employee to help him uncover theft, his candidate 
may be a very honest person with strong company 
loyalty, who resents anyone taking advantage of his 
boss. This is the ideological agent, and usually this 
sort is very reliable. In espionage, the same principle 
applies. A spy or traitor who works for the opposition 
out of ideology will be loyal unto death. 


On the other hand, a recruit with an investigative 

agency may be a failed cop, a person who didn't make 
the grade for acceptance into the police department 
but who still wants to do investigative work. This 
brings up the danger of excessive zeal, in which the 
undercover person may fake evidence to “make the 
case. 
Some recruit their people from military police or 
intelligence agencies. There are many short-term 
agents who leave the military after their enlistment 
periods end, and these are a pool of potential talent 
for private agencies. More important than their 
police or intelligence backgrounds is why they left. 
One obvious possibility is that they were 
unsuccessful in the field, and the prospective 
employer must be careful not to take such a 
background at face value. It may not be a 
qualification at all. 
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The most common motive with a private agency is, 
of course, money. The agents seek to earn a living, 
. and are interested in making as much as they can. If 
the agency has an incentive system, very common in 
this private-enterprise-oriented country, it will pass 
out bonuses for productivity. Such bonuses can be 
| irresistable temptations to a hungry agent. 

Money motivation is a loser. Police officers don't 
like to pay informers, because they know that, under 
the system of paying for information piecemeal, the 
informers are tempted to manufacture “intelligence” 
' to satisfy their masters. There's an incentive to 
| produce more, in order to get more payments. 

Working a “twist” on an informer is a more reliable 
method. The informer knows that he has to pass 
only enough information to “get off the hook,” and is 
| less tempted to over-produce. This method is still not 
| 100% reliable, as a desperate informer may “finger” 
' someone else to take the heat from himself. 
Checking reliability is an uncertain process, but 
i the control must try, to reduce the chances of his 
getting bad information. A common technique is to 
have the agent go through a polygraph examin- 
ation.; The polygraph is unreliable, and has been 
oversold, but many place their misguided faith in it. 
| The main value of the polygraph is to intimidate the 
person who believes that it will unerringly detect any 

lies. 
+ Another method of checking the suitability of 
applicants is psychological tests. This is slowly 
| gaining acceptance among police organizations in 
recruiting of patrolmen. However, only about 39% of 
police agencies rely on psychological assessments. 

There's good reason for distrust of psychological 
assessments. One immediate and obvious one is that 
any tests or interviews only show the candidate's 
performance at the moment, and may easily not truly 
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reflect his personality. Another is that many tests 
aren't adequately validated, with a consequent loss 
of reliability. 

The new computerized versions of psychological 
tests are quicker and cheaper, but no better, than 
their manually administered predecessors. Some 
small “psychological assessment” services offer these 
to police agencies, claiming that they are almost 
infallible. This is mere huckstering. No test is 
infallible, computerized or not, and any such claim is 
an outright lie.g 

Assessing a potential agent is difficult, but one 
good guide is background. If the candidate has had 
successful experience in the field, he’s more likely to 
work out well. Past performance is the best guide to 
future performance, although it sometimes fails, 
because of “burnout” and other reasons. 

Another, better, but more expensive method, is to 
send in two or more agents, and cross-check their 
information. It's essential that the agents have 
absolutely no knowledge of each other's existence, to 
avoid collusion. 

This practice, however, has led to situations, 
undocumented but believable, in which agents 
informed on each other, each thinking the other was 
a target. 

The dictum; “It's hard to find good hired help these 
days,” applies especially to agents and informers. 


Sources 


1. Undercover Investigation, J. Kirk Barefoot, 
Springfield, IL, Charles C. Thomas, Publisher, 1975, 
p. 16. Barefoot points out that undercover operators 
do try to entrap innocent people in order to better 
their positions, and that polygraph tests serve to 
discover these. 
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2. Applicant Investigation Techniques in Law 
Enforcement, John P. Harlan, Ph.D., and Patrick A. 
Mueller, J.D., Springfield, IL, Charles C. Thomas, 
Publisher, 1985, pp. 6-7. 


3. The author's experience in this regard is worth 
relating: 

At a Fraternal Order of Police Convention, there 
was a “trade show” displaying police-related 
products and services. One of the services, run byan 
ex-cop turned polygraph examiner and a Ph.D. 
psychologist, was a computerized personnel 
psychological “screening” service. The two operators 
had their computers with them, and claimed they 


. could screen out unreliable and undesirable 


applicants at low cost with their tests. 


One test was a_ simple, pre-employment 
questionnaire. The other was a long clinical test that 
had been originally devised for use with mental 
patients. Both were true-false types. When I asked 
them what prevented an applicant from simply lying, 
they claimed that the tests had built-in “lie scores” to 
detect untruthfulness. These were based on the 
assumption that there are no perfect people: there's 
something wrong with everybody, and anyone who 
claimed not to drink, worry, become depressed, or 
have any other faults, was obviously being 
untruthful. One of them, the ex-cop, invited me to 
take one of the tests. I agreed, warning him that I 
intended to “dive-bomb" it. I sat down at the 
computer and punched in my answers to the 
questions, lying discreetly but significantly.’ The 
evaluation, which printed out a few minutes later, 
showed me quite truthful and employable, but witha 
problem driving record. Perplexed, the individual 
asked me to take the test over, this time being 
truthful. I did, and the printout showed me to be 
alcoholic, prone to drug use, uncooperative, and 
generally unemployable. 


His partner, the psychologist, asked me to take the 
clinical personality test, answering truthfully. I did, 
and found that I'm sociopathic, perhaps even 
needing institutionalization. 

As a check, I showed the printouts to my wife, 
asking: “Is this really me?” She scowled and handed 
them back, unimpressed. Showing them to two 
former employers for comments provoked laughter 
and ridicule of the testing procedures. 

This is why it’s necessary to be extremely cautious 
with psychological methods of assessment, 
computerized or not. They deal with intangibles, and 
can easily result in rejection of some very suitable 
candidates. In fact, they tend to be biased because 
they're derived from institutional backgrounds, and 
tend to be pejorative. In simple language, they show 
what's wrong with a person, not what's right, and 
they usually exaggerate. 


48 


TRAINING THE AGENT 


Except for government operations, training of 
- agents is done on the cheap. Private companies, ever 
| paying attention to the budget, skimp on training. 
When we read of CIA training camps, with their 
month-long courses, the contrast with private efforts 
/ 1s striking. A security agency will spend perhaps four 
| or five days in training an agent, at most., 
| Training is unsystematized. It usually consists of 
having the trainee read reports of cases and then 
practice writing reports himself.. In reality, this 
doesn't teach him how to work a case; it teaches him 
how to write reports. 
One very important reason for the scanty training 
is that many believe agents are born, not made. It’s 
' convenient to believe this when faced with the profit 
motive, and the need to earn as much as possible 
with minimal investment. 
| Another reason for the hurried training of 
undercover agents is that it must always be 
| individual training. “Need-to-know” limits the class 
| size to one, to prevent each agent from knowing the 
i identities of any others. Individual instruction can 
' be very expensive. 
| For anyone interested in providing good training 
} for his agents, the job can be broken down into 
separate tasks, and the recruit can polish his skills 
in each one. 


a 


One skill which is both essential and easy to polish 
is interviewing technique. An agent who will work 
undercover at a workplace must apply for the job in 
the same way as other applicants. If the personnel 
manager or foreman isn't in on the secret, the agent 
can expect no help there, and must maintain his 
cover and appear good enough to be chosen for the 
job. 

Training in interviewing skill comes in three 
phases. First, the instructor runs the recruit 
through a role-play, interviewing the recruit for a 
hypothetical job. He notes only any deficiencies, and 
after the role-play is over, advises the student how to 
correct his problems. He then sends him out to 
practice, applying at employment agencies and 
company personnel offices for real jobs. In so doing, 
the student agent can put down anything he wishes 
on the application form because the purpose is to 
practice interviewing, and putting himself across 
convincingly face to face. Applying for a position for 
which he's totally unqualified will test his ability to 
the utmost. If he can convince the interviewer that 
he really is what he says he is, that’s good enough for 
the purpose of training. In time, a reference check 
would expose him, but as he'll fill in a false name and 
address on his application, this is of no importance. 

This system costs the instructor nothing except 
the student's salary. The many unwitting personnel 
people whom the student contacts serve as sparring 
partners, at someone else’s expense. 

The third phase is to run through another role- 
play, when the instructor appraises how well his 
student has learned the technique. 

Instruction in the technique of “roping” can be a 
short briefing, and a dry run. The instructor assigns 
the student to spend some time in bars, and to 
produce written reports on any information he's 


been able to glean. Another method is for the student 
| to pretend to be a salesman, visiting companies and 
attempt to extract information from the people he 
| contacts. The reports should also contain the 
student's account of how he_ steered the 
conversations, and his reasons. This will give the 
instructor an idea of how well the student 
understands the basics. A final role-playing dry-run 
will help the instructor judge whether his pupil has 

| developed enough skill in roping. 
= The ability to shake a tail can be important in the 
proposed assignment, if the agent will have to have 
personal meetings with his agency control. The 
instructor can give the student a basic lecture in the 
techniques of tailing, and start him off on the other 
side of the process, by having him tail people pointed 
out to him. The student's task will be to follow them 
home and report the name and address. This gives 
the instructor a dual opportunity: he can appraise 
his student's skill, and also his truthfulness and 
reliability. Telephoning the subject of the tail on a 
pretext can establish if the student is reporting 

correctly.3 

The next step is to test the student's ability to 
shake a tail. An experienced and overt investigator 
' will tail the student, without his knowing that he's 
the subject of the exercise. The only briefing the 
student will get is at the start of the tailing phase of 
instruction. This will determine the student's 
alertness, especially as the tail will follow the student 
while he's tailing someone else, or after normal 
| working hours, when he's likely to relax his guard. 
'~ An orientation regarding the types of undercover 
assignments possible will give the student a good 
perspective, even if he never has to perform all of 
| them. The instructor should lay them out for the 
, student, briefly describing them and their relative 
‘ degrees of risk and difficulty. The simplest type of 


undercover work is area_coverage. The agent 
establishes cover, living or running a business in the 
area, for general surveillance. One example was that 
of two British Army enlisted personnel, who set up a 
laundry in Belfast for intelligence purposes. The 
clothing they handled for their customers was 
examined for traces of explosives or cartridge 
propellant. This was valuable in furnishing leads for 
investigation. 

It was also dangerous. Somehow, members of the 
IRA discovered their affiliation with the British Army 
and assassinated one member of the team. 


Another area in which undercover assignments 
come about are cases of insurance fraud. A claimant 
may have been disabled, and even have medical 
evidence regarding his disability. Planting an 
undercover agent in the area may disclose that the 
claimant is actually not as disabled as he says. The 
agent can secretly photograph or videotape him 
walking, running, or mowing the lawn to prove the 
case. 

Employment is one of the most common types of 
uridercover assignment. Because other chapters deal 
with this extensively, there's no need to go further 
into it here. 

Infiltration means joining a group, and a deeper 
involvement than simple employment. Often, the 
target's a criminal gang, and the risk, if discovered, is 
high. 

Spying, in the classic sense, is even more difficult 
and risky. Not only can there be a physical risk, but a 
legal one. In many instances, corporate espionage is 
vulnerable to at least civil prosecution. 

Impersonation is extraordinarily difficult; Few 
attempt it, and this sort of assignment is not likely to 
come an agent’s way in a lifetime. 
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Individualized instruction has one _ great 
| advantage. The instructor can tailor it to the needs of 
the student and the case. A part of the training will 
| be an ad hoc briefing, in which the instructor will lay 
out the assignment to the agent. He'll provide a 
sketch of the personalities involved, the nature of the 
assignment, particular points to watch, and the nuts 
and bolts of how and how often to report, what 
information to seek, and other important details. 
| The instructor can refer the student to written 

materials to save time. As noted above, having him 
read operational reports will show him the format 
| desired, and having the student write a few himself, 
dealing with his practice assignments, will 
demonstrate whether or not he understands. There 
are various investigative manuals which can aid in 
| providing a detailed briefing., 


Sources 


| 1, Undercover Investigation, J. Kirk Barefoot, 
| Springfield, IL, Charles C. Thomas, Publisher, 1975 
pp. 19-21. 


2. Ibid., pp. 20-21. 


3. By pointing out people leaving a store to the 
student, the instructor can always later phone the 
subjects and claim that he’s the store manager 
trying to return an item lost by that person. If the 
| person denies having been in the store, this shows 
that something is seriously wrong. In this regard, it’s 
important to note that people who are suitable for 
undercover work have to have a talent for deception, 
| and that some of them may be practicing deception 
upon their employers. A symptom that appears early 
in the process suggests that the student, if allowed to 
continue, might be filing spurious reports when he 
goes operational. 
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4. The Making of a Spy, Raymond Palmer, Crescent 
Books, 1977, pp. 32-33. 


5. Methods of Disguise, John Sample, Port 
Townsend, WA, Loompanics Unlimited, 1984, pp. 
127-138. Trying to impersonate someone to his 
friends and associates is almost impossible. It can 
work if the target has never met the person being 
impersonated, but only knows him by reputation or 
by correspondence. 


6. The Investigator's Handbook, Walter M. Strobl, 
Boston, MA, Butterworth Publishers, 1984. This 
book is full of checklists on points to watch in an 
investigation, as well as detailed information on 
types of characteristics of crimes that come under 
investigation. While the title suggests that it’s of 
interest to an “investigator,” much of the book 
contains information useful to the undercover agent 
and his tasks. There are detailed explanations of 
different types of businesses and their organization, 
methods of theft and fraud, and lists of loopholes in 
security upon which the undercover agent can 
report. A few chapters on traffic investigation, report 
writing, narcotics, and related subjects round it out. 
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BRIEFING FOR THE 
ASSIGNMENT 


There are many nuts-and-bolts details that the 
undercover agent must have before starting. The 
supervisor or “control” must make sure to brief him 
thoroughly, as any omissions can result in serious 
repercussions. 

The first item is the nature of the task. This isn't 
as simple as it might seem. One vital point, for 
example, in an employee theft investigation, is 
whether the client is seeking to prosecute, or merely 
to discover the thieves. This will determine the way 
in which the undercover investigator goes about his 
job. If the need is to prosecute, he'll have to be 
diligent in gathering evidence. 

’ The client may not want to prosecute, for several 
‘reasons., Bringing in the police means publicity, and 
‘sometimes company policy frowns on this. A 
‘prosecution can also impede other, contem- 
poraneous, investigations. In a prosecution, the 
undercover agent is usually “blown,” because he 
‘has to appear in court to give evidence. Finally, 

rosecution using an undercover agent opens up a 

ssible defense of entrapment, which is a can of 
‘worms. Such a defense often depends on whose word 

ie jury accepts, and if the defendent has a better 
ourtroom presence than the undercover agent, 
ere can be an acquittal. 


| 
| 
| 


For these reasons, management often feels that 
firing for cause is the preferable course. In one sense, 
punishment is swift and sure, and the deterrent 
effect on other employees is part of the rationale. 


Sometimes, the assignment is not criminal, but in 
a category some call “employee misconduct."2 
Drinking on the job, using marijuana, sexual 
deviations, and simply goofing off are not necessarily 
criminal offenses, but may be against company rules. 
In such instances, internal disciplinary action, 
possibly including discharge for cause, is the only 
recourse open to the company. 


In other instances, the investigation may concern 
employee efficiency. Retailers hire undercover 
shoppers to pose as customers and observe the sales 
clerks. They note if they're courteous, give prompt 
service, and handle requests for information or sales 
quickly and efficiently. They also note if any 
employee rings up false sales or short-changes 
customers. This shows that the dividing line 
between a criminal and a lesser investigation is very 
thin, and in fact they often overlap. In some 
jurisdictions, for example, smoking one marijuana 
“joint” is not a crime, but possession of a larger 
amount is. 

There are administrative and tactical points to 
cover: 


Expenses 


Understanding the expenses allowed is important. 
How much “walking around money” does the agent 
get? Are there moving expenses? How does he 
replenish his expense money? How often does he 
make contact? With whom? By mail? Phone? Can he 
remember the number, or must he write it 
unobtrusively? 
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Contact 


In a touchy assignment, making contact can 
require special security measures. Phoning from 
| home is out. The line might be tapped. Phoning the 
security control at home is wise, and doing it froma 
| public phone is best. In some cases, there will be a 
, special number to phone, attended by an answering 
| machine, to tape the agent's reports for later 
, transcription. 


There may be a need for an emergency contact 
, procedure. The quickest and most convenient way is 
| to use the telephone — an emergency number, 
| manned 24 hours a day by someone who is familiar 
with the case and can get in touch with the control 
, at any time. The emergency contact procedure may 
| be a code phrase, such as “I heard your sister's sick.” 
in case the agent may be overheard. 


Reports 


There will probably be a need for written reports. 
| Where does the agent write them? To whom does he 
send them? How often? One source suggests issuing 
stamped envelopes to the agent.3 If they're also 
} addressed, they can be compromising, especially if 
the agent carries them with him for convenience. For 
Peecurity, it's best to issue envelopes and stamps 
separately, or have the agent buy them as he needs 
them. Americans normally don’t write many letters, 
and a supply of ready-to-mail envelopes is sure to 
}arouse curiosity, especially if they're addressed to 
‘XYZ Investigative Services.” 

* Using a “live drop” is a fairly safe way of sending 
written reports. The addressee should not be an 
employee of the agency, as a superficial check would 
disclose this fact. A mail forwarding service isn't 
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secure, because the discretion of the service owner is 
uncertain. A paid receiver, or a relative or friend of a 
member of the agency are the best possibilities. 

Another point to watch is not to have a return 
address on the envelope. , This can blow the cover if 
for some reason the envelope comes back to the 
agent's address. 

In some instances, personal meetings with his 
control may be part of the task. Going to such a 
meeting requires getting rid of possible “details.” 
The agent should have gotten some training in 
tailing and counter-surveillance during training. 


Company personnel are part of the picture, and 
the agent must know if he’s authorized to contact 
anyone at the company, even in an emergency. This 
usually isn't the case, but the agent should know 
who knows about him at the assignment. 


He must know where to apply for the job, and be 
rehearsed in the details of his cover identity, if any. If 
there are any special instructions about living 
accomodations, now is the time to give them. 


Once hired, he must have a list of suspects, or at 
least an area to investigate. He must never know if 
there are other agents already placed with the 
assignment. This is particularly important if the 
undercover assignment is with a criminal gang. 
What he doesn't know, he can’t divulge. 

Sometimes the briefing takes many days. If the 
agent's required to relocate to an unfamiliar city, he 
needs time in which to find a place to live and to 
become familiar with the locale. Working an interim 
job can be useful, as it gives maximum contact with 
the residents, and gives the agent a “feel” for the 
locale. 

One point which no source treats adequately is 
what to do with a failed assignment, such as when 
an agent fails to be hired. Does the investigator 
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abandon the task, or does he try to send in someone 
else? Before he can decide, he must find out the 
reason for the failure. Sometimes it's obvious, as 
when an agent inadvertently “blows” his cover. 
Sometimes, it's more subtle. 

In some cases, applicants take an ability test.5 Too 
high a score for the job can result in the applicant's 
being judged “over-qualified,” and not getting hired. 


Debriefing 


Having the failed agent report back and going 

| through a thorough debriefing can pave the way for 

a second try. However blatant the failure, there's 

always some information he can bring back with 
him that can be useful in a second try. 


| Sometimes the personnel manager, if he’s not in 

on the secret, can be a serious obstacle. One way to 
handle this is to bypass him to bring in the agent, 
claiming that he was hired from a temporary agency. 
This isn't the best cover, but if it's all that’s available, 
| it may have to do. 

Another way is to send the personnel manager on 
vacation, or on a special assignment, to get him out 
of the way. This can work with almost anyone who 
gets in the way, and is the prerogative of the 
company executive who engages the investigative 
agency. 

The problem of pay needs handling in a way that 
won't compromise the security of the agent. Does he 
keep both his security agency and company 
paychecks? He can cash or deposit his company 
paycheck openly, but his other one can compromise 
him. Does he need it to live? Can the agency deposit 

} it into his account by mail? Carrying a bank card, 
checkbook, credit card, deposit slip, or other 
financial document can blow his cover. 


The briefing is necessary preparation for the 
assignment. Skimping on it can be as harmful as 
skimping on training, and compromise the agent. 


Sources 


1. The Process of Investigation: Concepts and 
Strategies for the Security Professional, Charles A. 
Sennewald, Boston, MA, Butterworth Publishers, 
1981, p. 51. 


2. The Investigator's Handbook, Walter M. Strobl, 
Boston, Butterworth Publishers, 1984, pp. 81-88. 


3. Ibid., p. 150. 


4. Fundamentals of Criminal Investigation, Charles 
E. and Gregory L. O'Hara, Springfield, IL, Charles C. 
Thomas, Publisher, 1980, p. 225. 


5. Undercover Investigation, J. Kirk Barefoot, 
Springfield, IL, Charles C. Thomas, Publisher, 1975, 
p. 38. 
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ESTABLISHING COVER 


The need for cover depends a lot on the nature of 
the assignment and the people involved. If the 
assignment requires infiltrating a company to 
discover employee theft, the cover needed will be 
superficial. If the nature of the work is unskilled, or 
low-skilled there's no need to establish a deep 
background. 

If the work is skilled craftmanship, cover will be 
more difficult. One authority writes of having the 


/ agent work for a few months in another job in the 


new city, and then apply at the target company.1 This 
is mostly nonsense. It's usually not possible to learn 
a skilled trade in a few months. In many skilled 
trades, it seems that everyone knows everyone else. 
Anyone with only a few months’ experience will 


| stand out. There are exceptions in cities with large 


transient populations. In such cases, it’s normal for 
someone to “blow into town” and seek a job. 
Experience in the trade is necessary, and faking it 
{is difficult. Employees may have worked at the 
company the applicant claims on his record, or may 
know someone who still does. A casual word can 
blow the cover. Experienced employees can also 
easily tell if someone actually has the skill for the job. 


In infiltrating the world of crime, it's almost as 


} difficult, sometimes more dangerous, and establish- 


ing cover takes somewhat more work. It’s necessary 


to construct a criminal record for the agent, and to 
backstop it. 


Backstopping 


Superficial cover is sometimes as simple as 
assuming a new identity, without any corroborating 
documents. This will sometimes do, because the 
subject of the investigation isn't likely to ask to 
scrutinize the contents of the agent's wallet. In a 
drug assignment, for example, leaving the badge 
home usually suffices. In other instances, deeper 
cover is necessary. A few business cards, which most 
people accept at face value, is enough for an area 
assignment. 

An agent who infiltrates a workplace will have to 
contend with a long-term assignment, during which 
his cover will have to stand up. The depth of the 
cover required will depend on the thoroughness of 
the investigation the opposition is likely to make. An 
agent who claims to have worked at another 
company should actually have worked there, or put 
on his application the name of a supervisor who will 
tell any callers that he did. If he claims to have lived 
in a certain city, he must actually have done so, 
although not necessarily for as long a time as he 
claims. He may well meet someone who asks him 
questions about the locale, and if he doesn't know 
the name of the main street, freeway, or even if the 
city has a subway, he'll blow his cover immediately. 


Document and background checks are rare in 
most investigations, and the agent usually doesn't 
have to worry about a fellow employee visiting his 
alleged old neighborhood to verify that he actually 
attended school there. A falsified drivers license can 
be a problem, but not because of fellow employees. A 
cop who calls for a license check by radio will 
immediately spot a forged license, because the motor 
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vehicle bureau will have no record of it. This is why 
some backstopping is necessary, starting with a 
birth certificate. This enables getting other 
documents openly, and there will be the agency 
records to backstop them. One point to be noted is 
that obtaining any sort of official papers such as a 
drivers license under a false identity is illegal. 

In criminal cases, it may be slightly more 
complicated than this. Sometimes, it can be as 
simple as inserting the agent's fingerprint card into 
police files, in the expectation that a criminal gang 
will have contacts in the police department to check 
the record. In the criminal world, background 
checking often entails finding mutual 
acquaintances who can vouch for the newcomer. 
Sometimes an informer can make the introduction 
and recommendation. In extreme cases, to build up 
the proper network of acquaintances, it will be 
necessary for the agent to serve time in prison to 
establish his bona fides. This will be on a fabricated 
charge, to which he'll plead guilty to shorten the 
process. 

Once in prison, he can begin making 
acquaintances just by being there. Within the walls, 
he'll have a hard time being accepted at first, but 
with time, confidence will grow. Once he's released, 
he'll be able to use name-dropping, mentioning 
convicts whom he met in the “jug.” 


For most agents, the main part of their cover is 
simply hiding any connection with the police or 
company management. The truly hard parts are 
} already done. They're American natives, speak 
English, and have lived here all their lives. The 
espionage technique of “pocket litter,” carrying 
corroborating items such as bus and train tickets, 
isn’t applicable here, as this doesn't involve 
infiltration of a foreign country or passing 
examination by expert counter-espionage police, 
such as the Gestapo. Although one source 
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recommends carrying corroborative papers, this is 
overkill. It's enough simply not to carry anything 
that conflicts with the role, such as a drivers license 
or credit card in another name.2 

It's pointless, as we've seen, to try to place an agent 
who doesn't have the skill required for the job ina 
company. In criminal enterprises, the same rule 
applies, but it’s not as obvious, because nobody has 
ever documented the job skills required for various 
criminal occupations. 

In setting up a new identity for the undercover 
agent, it helps to have him use the same first name, 
to guard against the possibility that someone might 
call out his real name and he would respond to it. 
This could happen quite innocently, but anyone who 
claims to be “Jack —— " who turns his head when 
someone shouts, “Hey, Phil” would be suspected. 


Attention to detail is vital. An undercover agent 
can assume that at some time or other he'll be 
scrutinized very carefully, and the basic framework 
of this new identity includes removing all traces of 
his former connections. Among other things, this 
means: 

(1) Cleaning out his wallet, setting aside all credit 
cards, drivers licenses, Social Security cards, and any 
other identifying documents that don't fit in with 
his new identity. 

(2) Not driving a car registered to his old identity 
or his company. Criminals do have contacts in 
official agencies, and having the plate number 
checked out is possible for a criminal with such 
connections. In states where vehicle registrations 
are public records, checking out a car is very easy. It 
can happen by accident, too. If, while driving with a 
fellow employee, the undercover agent gets stopped 
for a traffic violation, the police officer will routinely 
radio in a request for a check on the plate number. If 
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the name on the registration doesn’t match the cover 
identity, this will blow the whole operation. 

(3) The “need to know” principle is essential. 
Knowledge of the undercover operative's presence 
must go only to those people who need to know to 
help in the success of the operation. This means 
that, in the infiltration into a company, only one top 
executive in that company, the one who instigates 
the project, should know of it, and he should not 
share his knowledge with anyone unless there's no 
other choice. 

(4) The agent should seek entry through normal 
channels. If the normal practice in hiring is for the 
applicants to go through the foreman, the agent 
can't have the personnel manager or president bring 
him down to the shop and announce that he’s a new 
employee. This would be so out of place that it would 
be jarring, and would attract too much attention for 
the project ever to succeed. 

This implies that the agent must be able to get the 
| job on his own merits, not by “pull.” Even if he were 

inserted into the workplace without arousing 

suspicion because of the method, he would not gain 
acceptance by the other employees if he were 
obviously unskilled and out of place. 

(5) Part of the task of protecting a cover identity is 
to know as much as possible about the histories of 
the people in the group to be infiltrated. This helps to 
avoid conflicts. If, for example, the agent claims to be 

} from a certain city, and to have attended a certain 

|, school, it would be compromising to have a member 
of the group confront him and announce that he 

} lived in the same place, went to the same school, and 
didn't remember him. This applies also to the work 
history, as we have seen. 

(6) Attention to detail is important in not blowing 
the cover. The agent's home must also be consistent 


with his cover identity. He can expect to have some of 
his fellow-workers as guests, to cement the 
friendships, and if they see anything that 
contradicts the cover, it will be dangerous. Letters 
from the agent's relatives, if addresseed to his old 
name, can give him away. Luggage with the wrong 
initials is also compromising. A monogrammed 
handkerchief is a give-away. 

The home must also fit the persona. A beer- 
drinking, blue-collar type will attract attention if his 
home has many works of art, or a piano. Bookcases 
can be give-aways, too, especially if the old high 
school album is among the books. 


Maintaining the Cover 


The undercover agent must be prepared to put in 
many hours on the job. His work doesn't stop when 
five o'clock comes. In most cases, the most important 
part begins. Socializing with other employees is vital, 
and the agent must be prepared to live his 
undercover life fully. 

This demand on his time means that, if he's 
married, it will put a strain on the relationship. It 
also introduces the complication that his wife must 
also live an undercover life. If he has children, it can 
complicate the picture so much as to make it 
unworkable, as it's unreasonable to expect children 
to assume cover identities to match the needs of 
their father's work. The alternative is to live away 
from home for the duration of the task. 

If he does this, the effect on his personal life can be 
severe. He has to leave his friends and relatives, and 
remain out of contact for the duration of the 
assignment. He can't receive mail, as the conflict in 
names would give him away. He can't save letters, or 
write to his relatives and friends, because if his home 
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is ever searched, the paper would give him away. 
This is one reason why bachelors and divorcees are 
preferable for the deep cover assignments. 

The telephone is one way of keeping in contact, but 
this means he must place his calls from a public 
phone, to avoid tell-tale traces on his bill. It also 
minimizes the risk of a wiretap disclosing his 
identity. 

Cover must be well-planned. It must be as deep 
and thorough as the assignment requires. Failure to 
watch the details can have serious consequences. 
This is the control's job, but also the agent's 
responsibility. He's the one who runs the risks. 


Sources 


1. Undercover Investigation, J. Kirk Barefoot, 
Springfield, IL, Charles C. Thomas, Publisher, 1975, 
pp. 36-45. 


2. D.E.A. Narcotics Investigator's Manual, Paladin 
Press, Boulder, CO, p. 104. 


INFILTRATION 


Once there's a clear need for an undercover agent 
in a company, it becomes necessary to put one in | 
place. There are several possibilities here, and it’s 
necessary to examine each one to find the best 
solution. | 


Recruiting in Place 


The first is to recruit someone who is already | 
working for the company. This, a variation of the 
“informer” used by police, is the simplest way, 
because there's no problem in establishing cover or 
hiring an outside agency. The main drawback is that 
the employer may not be sure of this person's 
reliability or honesty. There have been cases of long- 
term employees, faithfully serving the company for 
years, “turning” and becoming dishonest. Another i 
drawback is that the prospective recruit may not feel | 
comfortable in “ratting” on his fellow workers. Yet 
another problem may come about if employee- 
management relations are strained. The employee 
might view any effort by management to recruit him 
as dirty pool, no matter how legitimate it may be. If | 
there's a union, there's the danger of this effort 
appearing as a union-busting activity. 

Finally, a suitable candidate among the employees 
might not be as suitable as he seems, because if the 
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employer trusts him implicitly, this may be apparent 
to others. He might have a reputation as a “company 
man,” and therefore be unable to penetrate a group 
engaged in dishonest activity because the members 
will hold him at arm's length. 


Hiring an Investigative Agency 


Many private investigative agencies advertise 
openly that they do undercover work for companies. 
These agencies vary in levels of competence, and 
there's good reason to be cautious in choosing one. 

Many of the agents are poorly-trained.; They get a 
week, at most, the sort of patch-up job that barely 
prepares them for this demanding task. Some of the 
larger agencies have traveling undercover agents, 
skilled specialists who go from job to job as needed. 
These are more expensive. They may also not be 
available when you need them. 

If the agency is competent, the director of 
investigations will require a list of all your 
employees, and probably copies of their entire 
personnel files. This is to check out their work 
backgrounds, to ensure that there's nobody there 
who knows the undercover agent by another name, 
or worked at the same company during an 
investigation. Such a person could compromise the 
operation at the start. If one of your employees does 
know the undercover agent, the director of 
investigations might choose another agent, or he 
might ask that you fire that employee, leaving the 
pretext and the dirty work up to you. 

The prospective agent would need the skill for the 
job, as inserting him otherwise would seem 
suspicious. There must be an opening. It’s possible 
to create an opening by promoting or reassigning 
the person already working in the slot. 
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Hiring should go through normal channels, to 
avoid suspicion. In small companies, the owner often 
does the hiring himself, and this isn't a problem 
except that he must follow his usual procedure every 
step. If prospective employees normally fill out 
applications, the agent must also do this. Although 
much hiring is through the “hidden job market,” by 
word-of-mouth, it will enhance credibility to 
advertise the job in the classified ads, and interview 
applicants. 

If the company is large enough so that hiring is 
delegated to a foreman, or a personnel manager, it's 
necessary to take him into your confidence. “Need- 
to-know”" is very important here, as is honesty. This 
means that you must be sure he's both discreet and 
not part of the subject of investigation. He places the 
ads, goes through the motions of interviewing the 
applicants, and makes the selection. There must be 
no obvious favoritism, and the applicant must truly 
be qualified for the job to avoid arousing suspicion. 

For higher-level jobs in a large company, the Chief 
Executive Officer will usually do the hiring himself. 
This gives him the latitude to choose whom he 
wishes, and placing an agent is simpler. Finding an 
agent who can “fit in” and carry out the 
responsibilities of the job will be harder, though. 
Agents who can blend into a blue-collar workplace 
often won't fit into high-level corporate manage- 
ment. In this regard, the CEO can give direct help, 
especially if the agent reports directly to him as 
regards the formal table of organization. The CEO 
usually has the latitude to hire a “personal 
assistant,” and define his duties which lets him 
adjust the job to the agent's skills and to “cover” for 
his shortcomings. This can only go so far, though, 
because to be sucessful in the undercover role, the 
agent has to be able not only to do the job, but to be 
accepted by others. If he doesn’t seem to “fit in,” to 
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share their values, backgrounds, and attitudes, he 
won't become part of the group. 

Once hired, the agent must appear to be just 
another employee. He will make his contacts through 
his agency, not through you, and you'll get your 
reports from the agency.2 The quality of these 
reports will depend very heavily on the intelligence, 
skill, and diligence of the agent. 


Do-It-Yourself 


You might decide the best course is to work your 
agents yourself, from recruiting and hiring, through 
the many weeks or years of case-work. Some of this 
will fall into your lap. In most groups of employees, 
there are some who are willing to do “favors” for the 
boss, to further their ambitions. Exploiting these, 
while cautioning them to be discreet, will accomplish 
the purpose. If you're lucky enough to find an 
employee who is willing to do this because he's 
basically ethical, or out of loyalty to you or the 


company, count your blessings and make the most of 
him. 


This is a long-term plan. In this regard, it’s better 
to have an agent in place before the need comes up 
than to try to insert one, from whatever sources, after 
the problem arises. There is a danger, of course. 
You'll have to draw from the same human material 
as for your other employees, and you may get an 
unpleasant surprise. Your trusted agent may turn 
dishonest after many years. This is why he must 
never go solo. Having two or more agents, each 
believing he's the only one, is a good way to ensure 
reliability. Cross-checking their reports will give you 
a good idea of their quality and honesty. 

Discretion is important, not only to conceal the 
true activity from possibly dishonest employees, but 
from other agents. Your agents must never get 
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reputations as “company men.” They should not 
show an overly-friendly attitude towards you, and 
you should not be overly-familiar with them “on 
company time.” They must understand the need for 
this, and know you can make it up to them in other 
ways. Secret meetings or phone calls are common 
ways to maintain contact. 


Whichever way you choose to get your undercover 
agents, infiltration will be a barrier you must 
overcome to ensure success. It's a continuing task, 
because infiltration doesn't stop once the agent is 
hired. He must maintain his cover and work his case 
without compromising himself. 


Infiltration in Other Contexts 


A classic private undercover infiltration began in 
1873, when there were labor-management problems 
in the Pennsylvania coal mines.; The Pinkerton 
Detective Agency, which had a number of railroad 
companies as accounts, took on the task of fighting 
the “Molly Maguires,” which would have been called 
a “terrorist group” had the term been in vogue at the 
time. An undercover agent, James McParland, 
gravitated to the area and found a job under the 
name of James McKenna. He gained the confidence 
of the other workers, and was able to infiltrate the 
Molly Maguires. He worked undercover for three 
years, gathering information for investigative leads 
and evidence for prosecution. His assignment was 
dangerous, in the sense that if his true role had come 
to the surface, the Molly Maguires would have had no 
hesitation in disposing of him. However, they were 
relatively unsophisticated, and McParland/McKenna 
was able to continue his undercover work 
unsuspected. 


The underground press had a series of articles on 
“Tommy the Traveler” in the late 1960s. “Tommy” 
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was apparently a government agent, a mobile 
infiltrator who went around the country posing asa 
“peace activist’ and infiltrating various local 
movements. He became well-known, with his 
photograph published in various sources, but his 
true identity never came to light. 

The various enforcement arms of the U.S. 
Goverment have many such traveling undercover 
agents. They infiltrate criminal gangs and organized 
crime. Some concentrate on terrorists. Under- 
standably, they receive little publicity, and because of 
their mobility, they don't become too well known. 
Whenever the cover wears thin, the parent agency 
pulls them out and re-assigns them. 


One fascinating autobiographical account tells of 
a U.S. Secret Service agent who spent much of his 
time undercover., A good deal of his work concerned 
counterfeiters. A reading of his book gives many 
interesting details of the undercover life. We find the 
need to keep a low profile, and still know when to be 
assertive. Motto had to learn the criminal argot to fit 
in. Reading between the lines, we see how he took 
some short-cuts with procedure, bending the law 
slightly to make the case. Although Motto didn't 
write it as a textbook, it’s a very worthwhile guide to 
the realities of undercover work during that era, and 
many of the principles Motto applied are valid today. 

Police investigation of various sorts of white-collar 
crime involves some undercover work.s5 Direct 
penetration is not as valuable or effective as other 
techniques. Some of these operations involve selling 
fraudulent “deals.” This offers an opportunity for an 
operative to seek work as a salesman, learning first- 
hand the deceptive practices for later evidence. He 
can testify that the people running the operation 
instructed him to use deception in “selling” to 
customers. 


Another way is to infiltrate as a victim. Many real- 
life victims are unwilling to come forth, because of 
their shame at having been outwitted. An 
undercover operator, using very thin cover (“leave 
the badge at home”) can pose as a client, responding 
to advertisements and attending the sales 
presentations. The only special technique needed 
might be a concealed tape recorder, to confirm his 
testimony if the sales pitch is crooked. 

Another technique is to join fraudulent religious 
organizations, send away for quack cures or present 
oneself directly for “treatment.” 

A news organization infiltrated Chicago's nether 
world to gather information for what became both a 
newspaper expose and a segment on the TV show’60 
Minutes.” During the time they operated a real bar 
for other purposes, they encountered corrupt city 
officials, an accountant who instructed them on how 
to fudge their books to show lower earnings, a 
“business broker” who knew all the angles and 
earned the title of “Mr. Fixit,” anda crooked fireman, 
among others.g 

We see that infiltration takes many forms. The 
agent can be employee, victim, customer, bystander, 
and play many different roles. The cover can be 
superficial or deep, and the infiltration can serve 
many purposes, from information-gathering for a 
news agency to various sorts of criminal and civil 
prosecutions. 
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5. The Investigation of White-Collar Crime, Law 
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ROPING OR GAINING 
CONFIDENCE 


In any group, it takes time for a newcomer to gain 
acceptance. If there’s a criminal enterprise involved, 
there's deep suspicion of any “outsider” and a stand- 
offish attitude on the part of the established 
members of the group. Only when the newcomer is 
no longer a newcomer will he have a chance to get 
into the inner circle. 

Often, the first sign of acceptance will be an 
invitation to have a drink with the boys after work. 
This can lead to a closer acquaintance, if the agent 
plays it right and doesn't try to rush it. 

There are two techniques to speed up the process 
of acceptance, and neither one is under the control of 
the agent: 

(1) Have more newcomers arrive. A company may 
be hiring many people, and this makes the agent an 
“old hand” or “regular” more quickly than if he had 
to compare his seniority with those who have been 
there twenty years. Some companies have high 
turnover rates, which helps this process. Other 
companies have very low turnover, and it will take 
much longer for a newcomer to gain acceptance. 

(2) Send in a decoy, an agent who makes himself 
conspicuous by asking indiscreet questions, by 
listening in on conversations, looking in drawers 
and toolboxes, and trying to get too friendly too soon. 
This will draw attention away from the real agent. 
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When the real agent has gotten an “in,” the decoy can 
leave, his job done. Nobody will miss him, because it 
was his task to not “fit in.” 

The problem with this method is that in some 
instances the decoy, especially if he does his job too 
well, may suffer for it. In a blue-collar environment, 
antagonisms are often settled on the loading dock or 
in the alley. In a white-collar milieu, there’s less 
chance of violence, but there can easily be more 
suspicion. 

Gaining confidence, or “roping,” is a subtle 
process. It involves letting the targets know your 
values and attitudes are similar to theirs. The 
behavior required is the same as that needed to be 
accepted into any group, illicit or not. 

First, it’s necessary to keep a “low profile,” not 
attract undue attention to yourself. Normally, a 
newcomer attracts enough attention. 

Adopting a friendly, approachable manner to all 
you meet helps your eventual acceptance. In 
undercover work, there’s no room for personality 
clashes, because these can stand in the way of 
gaining valuable information or contacts. 

Part of the technique of demonstrating shared 
attitudes is to try to share after-hours recreation. If 
the norm is to “stop off” for a drink, join in, but don't 
get too affected by the alcohol. A bowling league 
might form the core group of a theft ring. The 
possibilities are endless. Realistically, this is one of 
the limitations. An undercover agent can't be 
everywhere, know everybody, and do everything. 
Using good judgement will help pick out the most 
productive activities, but one agent may not be able 
to cover all the possiblities. 

In a criminal gang there are some additional 
techniques to speed up acceptance. One is to have a 
“turned” member vouch for the undercover agent. 


This has its benefits, but also its great risk. The 
turned member must be fairly reliable, because he 
literally holds the agent's life in his hands. If he 
turned once, he may turn again. 

One way of minimizing this risk is to have him 
arrested shortly after he helps establish the agent 
with the gang. This is hard to do while keeping him 
utterly incommunicado, and there's still a risk that 
he might change his mind and pass the word. His 
arrest also might lead to an interpretation that the 
agent had something to do with it. 

Fortunately, there's a safer way. It's now common 
practice to relocate and disguise witnesses and 
informers. The Federal Government has had such a 
program running for over two decades, and some 
local agencies have followed suit. This enables the 
person to drop out of sight, and as this is a voluntary 
process, it’s relatively easy to keep the person 
incommunicado. The handlers can bolster his fear, 
persuading him to keep his head down, by feeding 
him false “intelligence” reports that there's a 
contract out on him. 

Dropping out of sight doesn’t necessarily mean the 
other members will see him as a snitch under police 
protection. He can, before he disappears, let out a 
cover story that he’s relocating to another part of the 
country for family or other reasons, thereby avoiding 
stigmatizing the agent. 


There's yet another way to get rid of the 
embarrassing presence of the helpful snitch. In large 
cities, unidentified people are involved in accidents 
fairly often. The police can make it appear the snitch 
died in an accident. Arranging this can be difficult, 
because the accident must have been such that the 
body is not recognizable. 

Normally, it won't be possible to use these 
techniques, and the agent must proceed slowly, but 
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surely. The basic principle is to keep a low profile, to 
blend in with the crowd, and not be too aggressive. 
The required behavior is exactly the opposite of that 
shown by the decoy agent, mentioned above. 

There should be no overly intense rush to 
establish friendship. This can lead to rejection. It's 
best to keep fairly quiet, and simply do the job, 
without becoming personal with anyone at first. 

In a workplace, there's always curiosity about a 
newcomer. Sooner or later someone will sidle up to 
him and ask some casual questions about his work 
experience and his personal life. This person is 
usually the company gossip, and such attention 
doesn't necessarily signify suspicion. He may be 
invited for a drink after work. This offers the 
opportunity to do some roping. 

Roping involves getting established with the group 
and eliciting information subtly. The skilled roper 
will not ask direct questions, knowing this would be 
indiscreet and excite suspicion. Instead, he'll wait for 
the subject to come up. In some instances, he can 
speed up the pace by revealing damaging 
“information” about himself during the drinking 
session. 

One way of doing this, if investigating a theft ring, 
is to tell his target that he was once fired from a job 
for stealing. He can go on by saying that he felt he 
was justified in stealing from his company because 
the wages were so low that he felt that he “had it 
coming to him.” This fits in perfectly with the 
“unwritten law,” and may provoke a response from 
the target. At least, it will show a degree of trust the 
agent places in his target by revealing this damaging 
information, which presumably is not on his 
employment application. 

This also shows a similarity in values between the 
agent and his target. Most people who steal from 
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their employers don't see themselves as bad people. 
They feel they're just “getting what's mine,” and 
taking unofficial compensation from the company. 

The technique of roping is_ exclusively 
interpersonal relations. This is a skill that most 
people develop naturally, and some become very good 
at it. The prevailing view used to be that this skill is 
inborn, and one agent of the old school became very 
good at it, and concluded many successful cases.) 

The new view is that this skill can be learned.2 
This is reasonable, because the “art” of roping is 
really an interplay of verbal tactics. To understand it, 
it's important to be able to think on your feet, and 
the new agent can develop this skill by role-playing. 
Repeated rehearsals can improve interpersonal 
skills, even the specialized ones needed for roping, 
and an enlightened training director will have sucha 
program. 
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dialogs demonstrating the right and wrong way to 
act in various scenarios. 
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EMPLOYEE THEFT 


This is probably the biggest dollar-volume category 
of crime in this country. It easily outranks 
shoplifting because employees operate on the 
“inside,” and know the employer's inventory, facility, 
and security system intimately. Contributing to this 
picture are some short-sighted policies by employers. 


The Unwritten Law 


There's an unwritten law that governs employee 
theft. ome which both casual thieves and 
professionals follow. It's not found in religion, not 
descended from common law, not codified in any 
statute book, or case law, and many people ignore it. 
It's rarely admitted, and never documented, but it's 
no less real. 

The unwritten law is very powerful, because this is 
what people actually do, not what they preach. The 
unwritten law varies somewhat from person to 
person, but it’s approximately as follows: 

(1) It's all right to steal from the boss, but not from 
a fellow worker. The boss is rich — he can afford it, 
but a fellow worker's knocking his brains out to 
make a living, just like you, and stealing from him is 
dirty. 

(2) It’s all right to steal from the company, because 
you're only getting back what they owe you, anyway. 
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They try to pay you as little as they can, and will 
dump you out the door in a layoff, so anything goes. 
It’s a rough world, and you've got to look out for 
yourself. 

(3) Everybody does it, in different ways. The 
foreman takes home pads and pencils for his kids to 
use. Another guy takes a can of oil for his 
lawnmower. The boss steals money out of the petty 
cash. He takes his friends to lunch and puts it down 
as a business expense. The higher-ups always do it. 
The purchasing agent's on the take from suppliers. 
The plant manager bribes the government inspector. 
Even the biggest names in government are 
dishonest, so who are they to tell me I've got to walk 
the straight-and-narrow? 

(4) It's illegal, but only if you get caught. A lot of 
guys do it and don't get caught, and the bigger they 
are, the more they get away with it. The law hits the 
little guy. The big guy gets a smart lawyer, and is 
home free. 


Part of the problem is that employers and 
legislators ignore this ethic. Perhaps they feel that 
recognizing the unwritten law will legitimatize it, 
and ignoring it will make it go away. This is 
obviously untrue. It never goes away, and the most 
striking aspect is that the employee who steals 
sometimes has a “Robin Hood” aura, and earns the 
respect of his fellows. Severe cynicism and 
demoralization among employees is very common. 

Some companies, with enlightened policies and 
good relations with employees, have less trouble with 
theft than do others. Most companies don't have very 
enlightened policies. It's hard to demand loyalty from 
employees when company policy is against it. 
Expecting two weeks’ notice from an employee who 
quits seems unreasonable when the company lays 
them off with one day's notice or less. Morale and 
loyalty are problems in most businesses. 
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No matter how good employee relations are, there 
will be an irreducible hard core of professional 
thieves who will steal simply for profit. These are a 
risk in any business. Some are thieves by 
opportunity, taking only when they can. A tiny 
proportion of them will take a job with the intent to 
steal right from the start, and they'll create 
opportunites. 

Company security has several facets, and many 
employers ignore them, or make only token efforts. 
Briefly, they are: 

(1) Check out prospective employees. Have they 
histories of job-related theft? Checking references 
carefully will help a lot. 

(2) Limit the opportunities for theft. Tight 
security, without being oppressive, helps. A company 
that deals in small, light objects will provide 
temptations and opportunities. 

(3) Have a decent security force. This is where most 
companies fall down severely. The security force has 
a heavy responsibility, and in principle they're the 
employees who carry the most trust., Yet, they're 
often poorly paid and poorly-qualified.. Along with 
skimping on pay, the employer skimps on training. 
According to the Rand Corporation study, guards are 
typically ill-trained, most having no training at all. 
Most of the rest had eight hours’ training or less. 
This applies even to those issued weapons. The 
contradiction is obvious. 


Often, the guard force participates actively in theft. 
One night watchman, working on the New York 
waterfront, gave this account: 

“Sure, we take stuff. When there's a shipment, the 
guys make sure they drop a crate or two. The crate 
busts open, and we get in and take stuff, and a lot of 
times, nobody ever knows. Say it’s booze, we see 
broken bottles, and we take the ones that didn't 


break. The insurance pays for it. The bosses don't 
care. Even guns. Once, a crate from Beretta came in. 
It got dropped. The guns slip in a pocket real easy. A 
lot were missing. The bosses knew they got kiped, 
but who could prove anything?"3 

One authority recognizes this danger, and advises 
the undercover agent to note whether the guards 
talk with other employees, and are familiar with 
them. It would be surprising if they didn’t. Guards 
are on the lowest rung, or near it, and there’s no 
reason for them to consider themselves a privileged 
class, above the other employees. This is why 
undercover reports of guards talking with other 
employees are meaningless. 

Employee theft isn't always nickel-and-dime. 
Sometimes, large amounts are involved. The 1974 
theft of $3.9 million from Purolator is an example of 
an “inside job."5 

Employee theft isn't limited to the blue-collar work 
force. The executives often steal more, not 
necessarily because they're less honest, but because 
they have access to larger amounts. 

Companies who take it seriously will hire 
undercover agents, through an agency or their own 
security office. The far-seeing ones will have 
permanent or semi-permanent undercover oper- 
ators. 
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WORKING NARCOTICS 


This chapter is here to give an overview of the task, 
but not in the expectation that the reader will 
actually need it. Some of the techniques tie in with 
those in other areas, and the reader can draw a few 
lessons from them. 

The first point is to clear up misapprehensions. TV 
watchers may get the impression that narco cases 
are solved in an hour or less, after a burst of 
strenuous and dangerous activity. Actually, such 
cases are often frustrating, because they yield 
insignificant results, or wind up in dead ends. 

Low-level penetration is easy. Dressed for the 
locale, an undercover agent can make a “buy” and 
this leads to the arrest of the small dealer. 
Progressing to a higher level is very difficult. 

For this low-level activity, the agent needs to be 
“street-smart” and fit into the milieu. This means 
appropriate dress and language. It isn’t necessary for 
him to have “needle tracks,” because most illicit 
drugs aren't used by injection. The undercover 
operator may be a police officer, or a “turned” user. A 
common method of operation is for the agent to 
make a “buy,” while a stake-out team stations itself 
nearby. Upon completion of the buy, the team makes 
the arrest. This is the “buy/bust”, and requires the 
least in time and resources. The agent needs some 
“front money,” often less than $100 in marked bills, 
and the deal can be over in a few minutes. 
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It's simplest to use a “turned” addict. He knows the 
locale, knows the dealer, and often can make the 
approach without arousing suspicion. In this sort of 
situation, the police can use a “twist” to enforce 
compliance. He operates under their direct 
supervision, which simplifies the task. 


An undercover cop has a somewhat harder time of 
it. Drug dealers are paranoid. Approaching them can 
be difficult because they don't accept strange faces 
easily. It's absurd to try to walk up and make a buy. 
It's necessary for the agent to hang around the 
neighborhood, and become known. Sometimes, it's 
possible to shorten this process by having a “turned” 
addict make the introduction, but this risks 
“burning” the addict. 

Some dealers are so paranoid that they insist upon 
extreme measures to assure their safety. Some will 
ask the buyer to use the drug in his presence. There 
are several ways of getting around this. One is to 
claim the buy is for someone else. Another is to say 
the agent just took a dose before arriving, and won't 
need another for awhile. In the case of an injectable, 
the agent can say that he didn't bring his “works” 
with him, and doesn't want to risk infection from 
another set. 


This paranoia can be such that the dealer will keep 
his stock stashed in hiding places away from his 
premises. He'll want to direct the buyer to another 
location to pick it up, once he has the money. The 
buyer can refuse, and insist on a direct cash for 
drugs transaction, feigning distrust. 

Any undercover agent's career will be short-lived 
operating this way. In a buy/bust, the dealer sees the 
agent, and remembers. When he makes bail, he'll be 
out on the street spreading the word. 


This is why the “walk-away” is also in use. This is 
delayed gratification, in which the agent makes the 
buy, and walks away. He may make several buys, and 
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the arrest follows later. Sometimes this is necessary 
for the prosecution to establish that the dealer is 
regularly in the business, and not making a one-time 
sale. The drawbacks to this are that it costs more 
money, and the police lose sight of the dealer. He may 
get spooked and flee, and the effort and money 
invested are total losses. 

Front money is often a big problem. The smaller 
agencies simply can't raise the money to finance a 
big buy, which limits them to small cases. A large 
amount of money inevitably brings with it two 
problems: getting it, and safeguarding it. 

In some instances, the small agency can have an 
arrangement with a local bank to furnish a short- 
term, interest-free loan, for use as front money. In 
other instances, a large agency may still not be able 
to obtain enough. Both have a choice, that of calling 
in a higher agency, such as the state police or the 
DEA. 


This has its problems. Inter-agency rivalry, 
politicking, and empire-building all degrade the 
effectiveness of American police. When a smaller 
agency asks a larger one for aid, it faces the prospect 
that the larger agency will take over the case. At the 
very least, the smaller agency will have to work the 
case according to the larger one’s guidelines, which 
may conflict with the smaller agency's policies or 
practices. In some instances, the larger agency will 
act very independently and ruthlessly. After the small 
one’s staff have done all the preliminary ground- 
work, the larger agency will step in and take full 
credit for the success. From their viewpoint, this is 
necessary to justify their large appropriation, but 
people in the small agency will understandably be 
peeved. Next time, they may let a case go rather than 
hand it over. Inter-agency cooperation suffers. 


Safeguarding the money is always a problem. The 
supposed buy may actually turn out to be a burn, 
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and the “dealer” may hold up the agent for the 
money. Another possibility is if the dealer tells 
someone else of the impending buy, and word leaks 
to a stick-up team. This is what makes the presence 
nearby of the stakeout team so important, and 
requires other security measures, such as choosing 
a location where it's possible to block escape and 
where innocent people are not likely to be present in 
case of a shootout. 

Another danger is that drug dealers are usually 
very unsavory types, who lie, cheat, and are more 
unreliable than most people. This is also true of narc 
informers, and often the police may have high hopes 
of making a case based upon what they're told, only 
to have it evaporate into thin air when the moment 
of decision arrives. 

Getting to the higher-ups is often a laborious 
process. Cases such as the French Connection, with 
a chance encounter leading to a major interdiction 
and arrest, happen very rarely. Most often, it requires 
long and painstaking work. There's a hierarchy in 
the drug trade, and it’s usually necessary to go step- 
by-step up the ladder. 

An addict arrested during a burglary can lead to 
taking down a low-level dealer. The dealer, if the 
police can “turn” him, can lead to a wholesaler. The 
wholesaler has stronger security measures, because 
he deals with a very limited clientele that’s well- 
known to him. He may simply refuse to meet with a 
stranger. If he does, it must be upon personal 
introduction. Even then, he'll often delay while he 
checks out the newcomer. This is why an observed 
buy is more productive than an attempt to infiltrate 
an undercover agent into the system. The police 
persuade the dealer to make a buy when and where 
they say, stake the premises out, and then make the 
arrest. This burns the dealer, but the price is worth 
it. The wholesaler will, of course, seek revenge, and 


will kill the renegade dealer himself or by proxy, but 
to the police, the dealer's life isn't worth much, 
compared to the need to put the wholesaler out of 
business, and they willingly accept this risk. 

Getting to an importer is almost impossible, for 
similar reasons. Such cases do happen, and they're 
invariably headline news when they do, because of 
their rarity. 

The foregoing gives a picture of why, despite recent 
publicity, the police effort against drug dealers has 
been failing, and will continue to fail. In one sense, 
it's like the ill-fated prohibition on alcohol that 
brought about sensational newspaper headlines 
during the 1920s and early 30's. The use is too 
widespread, and “busting” a few low-level dealers 
hardly impedes the market. Undercover work is long- 
term and frustrating, and usually unproductive, 
despite the “narc” plainclothes officers who strut 
about with their airs of authority. 


Sources 


1. DEA Narcotics Investigator’s Manual, Paladin 
Press, Boulder, CO, p. 101. 


2. Ibid., p. 103. 
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PROTECTING 
THE INFORMER 


The normal practice among police units using 
informers is never to write down the identities of 
informers. It's very compartmentalized, and each 
detective has his corps of “snitches” which he keeps 
secret from his fellows. The reason is clear: “need to 
know.” There have been some bad cops, working for 
the “mob,” and letting out such _ sensitive 
information to fellow officers without an 
overwhelming need is dangerous. 

Judges who sign search warrants recognize this, 
and often will accept an affidavit that doesn't 
mention the source of the information. Typically, the 
affidavit must state that the information comes from 
an informer, and that his informer has proven 
reliable in the past, which gives reason to believe 
that his information is correct for the case at hand. 
The officer producing the affidavit must affirm it 
under oath, but the conditions are such that the 
court has only his word for it that an informer even 
exists. 


This can lead to abuses, the extent of which we 
cannot measure. It’s a normal human trait to 
exaggerate slightly, to shade the truth to get desired 
results, and the amount of padding, or falsification, 
is up to the individual officer and his conscience. 


We cannot measure the accuracy of affidavits. We 
can only assess the results, whether a search 


discloses the needed evidence. It often does, leaving 
open the question of the way the information 
became known. 

As a matter of general practice, the granting of 
search warrants based on affidavits depends more 
on the record and reputation of the police officer who 
swears one out than on his informers. One who has a 
good track record will find it easier to persuade a 
judge to sign one, while one whose record is poor will 
find it difficult. 

Protection of the informer is paramount, but this 
protection can go into some dangerous areas. 
Usually, the informer is required to participate in 
crimes. If the informer is an undercover police agent, 
law or departmental policy may forbid him to take an 
active role in a crime. This is a weak point in the 
agent's cover. 

A gang will usually have the newcomer go through 
a test before accepting him. This is to judge if he has 
the ability and fortitude for membership, and to 
screen out police agents. The result is that, if the 
newcomer is to gain acceptance, he must commit a 
crime and the police must condone it. The practice 
varies with the department, and the special unit 
involved, and there’s no reliable information 
regarding how far police across the country are 
prepared to go. 

There may be a blanket prohibition, as in the case 
of “Operation Red-Hot Poker,” but this lends itself to 
circumvention, as we've seen. There may be a tacit 
policy of giving the investigative unit a free hand, 
with the police chief not wanting to know the exact 
methods his people use to get their results. This is 
what often happens in international espionage, with 
the political masters giving the secret service a 
“license to kill,” as long as they don't know about it 
and the secret agents don't get caught. If they do, the 
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leader simply disavows them. The principle seems to 
be: “If you do well, you'll get no thanks; if you get 
caught, you'll get no help.” 

In some instances, the informer will have a license 
to commit crimes granted by the investigative unit, if 
this is the only way of keeping him in good graces 
with the group he's penetrating. In other instances, 
usually cases requiring long-range investigations, 
he'll be “arrested” along with the others, in order to 
establish his bona fides for a mission down the road. 


An obvious fact is that the informer has to earna 
living, and usually his livelihood is illegal. If the 
police unit has enough money to pay him a wage, the 
investigator can forbid his committing crimes. If the 
department's budget doesn’t allow subsidizing an 
informer, the police can “look the other way,” while 
the informer earns his living through crime. 

Another aspect of granting immunity from 
prosecution occurs in “turning” a criminal, as we've 
already seen. There's an advantage in letting a small 
offender go in order to catch the “big fish.” The police 
“cut a deal” with the offender, very unofficially, to 
extort his cooperation. 

“Burning” an informer does happen, but it’s hard 
to determine how often. A lot depends on the 
investigator, his skill, his relationship with the 
informer, and his eagerness to “make” a case. 

Sometimes, it happens through carelessness, and 
this is not always casual divulging of the name. If the 
informer passes information to the investigator that 
enables him to make an arrest, the investigator may 
face the dilemma of proceeding with the case or 
letting it lie in order not to “burn” his informer. A 
raid will always produce the question, “Who talked?” 
among the arrestees. If the raid follows immediately 
upon the informer's learning the damaging 
information, he may be “burned.” The “word” will go 
out on him, and he may even fear for his life. 
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Some investigators treat their informers quite 
ruthlessly, with contempt, and consider them 
expendable. They feel that an informer, a criminal 
himself, is among the scum of the earth, and 
deserves no consideration whatever. The limit on 
this attitude is that an investigator who “burns” his 
sources will soon find he has no sources left. 


The investigator may not mind. Police officers 
know that “making” a big case is often the stepping- 
stone to a promotion, especially in _ police 
departments on the east coast, and may be quite 
willing to sacrifice an informer for that promotion. 
Generally, the promotion places him in a supervisory 
position, where he no longer needs informers of his 
own. This makes his snitches expendable. 


All told, the life of an informer is dangerous. He 
faces a threat from the police on one side, and from 
the people on whom he informs on the other. He 
soon finds that he’s gotten in more deeply than he 
realized, because his police officer control now has 
more leverage to “twist” him. The ruthless officer can 
ensure continued compliance by threatening to 
“leak” the informer's identity if he fails to cooperate. 
Some break under this relentless pressure. Many are 
unstable personalities at the outset. For these 
reasons, informers tend to have short and unhappy 
lives. 
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UNDERCOVER WEAPONS 


Unlike the fictional, romanticized undercover 
agent, the real-life one rarely needs weapons. The 
stark fact is that if he must defend himself against 
deadly force, he’s failed seriously and conspicuously 
at his job. 


Very few undercover tasks involve any personal 
danger. Narcotics investigation is one, because 
clandestine narcotics dealers are both paranoid and 
violent. In most other areas, such as employee theft 
and labor-management problems, there is little 
prospect of violence. Embezzlers and counterfeiters 
aren't usually violent. Consumer fraud is non- 
violent. Most of these people aren't serious risk- 
takers, or they'd be trying their hands at bank 
robbery or kidnapping. 

Why, then, the emphasis upon weapons? First, 
many of those who “carry” are police officers. 
Departmental regulations require them to be armed. 
There are exceptions for certain undercover tasks in 
which a weapon might be compromising. 

Another reason is the “macho” image. There's a 
thrill in carrying a weapon, a hint of possible danger, 
and some people like this because it makes a dull job 
more exciting. Both police and quasi-police get 
carried away in this regard. 

One detective sergeant I know carries a Bauer .25 
ACP pistol in a wallet holster, although his job is 
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relatively safe. He runs undercover agents, one of his 
biggest operations being against a number of 
prostitution services, cited elsewhere in this volume. 
One occasion during which he went into the field, 
working “undercover” himself, he met with two 
truckers who had answered a classified ad he'd 
placed in the local paper. The ad simply called for a 
trucker to haul a load. When he met with the 
applicants, in a local diner, he told them the task was 
hauling drugs, and that it would pay well. At no time 
was he in danger, because these two were simply out 
of work truckers seeking to earn some money, not 
dangerous types. The truckers accepted, and he 
arranged for them to be stopped and arrested after 
his men, also undercover, loaded the contraband 
into the truck. The county attorney refused to 
prosecute, because this case was entrapment. 


There used to be a belief that carrying a gun 
automatically spelled “cop.” Not so. Probably never 
so. Lawbreakers are often armed, especially in some 
areas.; What is a giveaway is the undercover agent's 
carrying what's come to be known as a “police 
special,"2 a revolver in caliber .38 or .357 Magnum, 
with a four-inch barrel. Even this isn't absolute. 
Drug dealers carry weapons for protection, and these 
are fine revolvers. The reason for drug dealers’ 
commonly being armed is the prospect of a drug 
“purn,” in which the buyer comes to a meeting 
without the money, but intending to “rip off’ the 
dealer. It works the other way, too, with a person 
posing as a dealer seeking to rob the buyer of his 
money. 

From this we see that in some cases weapons are 
not only common, but justifiable. An undercover 
narc can, through no fault of his own, be on the 
scene when a “burn” comes down, and may have to 
fight for his life. 
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The type of weapon will depend strongly on the 
locale. In the eastern states, where there tend to be 
strong gun control laws, concealability is a must. A 
small revolver or auto pistol will fit this need quite 
well. In the western states, where gun control laws 
are lax or absent, almost anything will do. A large 
Government Model is a popular choice, and the large 
9mm auto pistols with double-column magazines 
are becoming more common. Many people carry 
carbines or shotguns in their trucks. 


The most important quality needed is reliability. 
The weapon must fire with the first pull of the 
trigger — no ifs, ands, or buts. 


“Stopping power” is much less important. Pistols 
have more than one round of ammunition loaded. 
The smallest revolver worth considering has five 
rounds of .38 Special ammunition in the cylinder, 
and if these don't stop an opponent, nothing will 
except a tank or a flame-thrower. The maximum 
caliber for concealed carry should be .38 Special or 
9mm Luger. An exception is the Charter Arms 
“Bulldog” in .44 Special, which is both compact and 
light. Recoil is severe, but in a life-threatening crisis, 
the user won't notice it. 


There are very expensive custom handguns, loaded 
with all sorts of accessories, but they're over-done 
and unnecessary. They're too expensive, and the 
extras tacked on can impair reliability. Extended 
safeties, high-profile sights, and the like tend to 
catch on clothing. 


Avoid the cheapies, especially the low-grade 
imports. They're poorly-made, and tend to be 
unreliable. Medium-priced weapons, ranging from 
about $150 up to $500, are usually best. Some 
specific weapons that have proven to be reliable and 
effective are: 
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The S&W “Chiefs Special,” caliber .38 Special. 
With a five-shot cylinder, it's thinner than six-shot 
revolvers and more concealable. Normally, it comes 
with a two-inch barrel, but a three-inch version is 
now available. This model also comes in stainless 
steel, for less demanding maintenance in damp 
climates. 


The S&W Model 469. This is a cut-down version of 
the Model 459, with a three and one-half inch 
instead of four-inch barrel, and a couple less in the 
magazine. Still, twelve rounds of hollow-point 9mm 
will do the job, and this pistol is compact enough to 
slip into a pocket. Very reliable. 

The Heckler & Koch P-7. This import comes in 
eight and thirteen-shot versions. The one with 
thirteen rounds has a thicker grip, to accomodate 
the double-column magazine. Both are unusually 
reliable, especially with bad ammunition. It's hard to 
get this pistol to jam. This pistol, at about $500, is 
the most expensive of the bunch. 

The Walther PP and- PPK are good choices, 
available in both .380 ACP and .32 auto. Both 
automatics have a fifty-year reputation for reliability, 
and are worth considering. The PPK is more compact 
than the PP, but the difference isn't very great. Both 
are very concealable. 

In smaller calibers, the Raven and Bauer auto 
pistols in .25 ACP are well-made and reliable. The 
Raven, especially, is inexpensive at under $100, yet 
has surprisingly high quality. Both are tiny, and fit 
almost anywhere, even in a sock. Don't try to run 
with one of these in your sock, though. It'll surely fall 
out. 

The ERMA Excam RX-22 is a “sleeper,” an 
unusually good auto pistol in .22 Long Rifle that isn’t 
well-known but is well-made and completely reliable. 
With a three and one-half inch barrel, it fires the CCI 
“Stinger” at about 1250 fps, which means good 
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expansion in the target. It’s small, flat, and light, and 
carries eight rounds in the magazine. 

Holsters can cause problems. Usually, a holster is 
associated with the police. A “pancake” holster, or a 
“high-rise,” almost screams “cop” although these are 
openly available to civilians. 

The best carry is in a pocket. This is less bulky, 
although less handy, than in a holster. Pocket carry 
is a very slight advantage in concealment, because 
holsters are made only for certain spots of the body 
— the belt, armpit, or ankle — and it’s quick and easy 
to pat down in these areas. No carry is proof against 
a thorough search, however, and the best protection 
is to be open about being armed. An explanation of 
needing the gun for “protection” is acceptable 
almost anywhere. Open carry in locales where this is 
customary is a good solution. 

Thus, we see that weapons, although rarely 
essential, are helpful in some situations, and often 
easily available. Of course, the wearer should be 
intimately familiar with his weapon, and know how 
to use it quickly and effectively for best results. 


Sources 


1. DEA Narcotics Investigator’s Manual, Paladin 
Press, Boulder, CO, p. 104. 


2. Although Colt makes a revolver known as the 
“Police Positive,” a well-liked police weapon, the gun 
can be a Smith & Wesson, Ruger, or similar make. 
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AVOIDING PITFALLS 
IN UNDERCOVER 
OPERATIONS 


Fictionalized accounts make it seem so easy. The 
agent infiltrates his targets, faces danger bravely, 
has a shootout and a car chase, and the story ends 
with success. In real life, there are some severe 
problems, and a quick look at them will give you a 
perspective from which to evaluate the progress of 
your operation. 


Bad Information 


One police department staged a raid on a cocaine 
dealer as a result of a defector, an acquaintance of 
the dealer's who cut a deal with them, offering to 
inform in return for special treatment after an 
arrest. One morning, the police raided the dealer's 
home, expecting to find him and his stash. They 
didn't find the stash or the dealer. The information 
was bad, and they never were able to discover why. 
Perhaps the dealer had had a last-minute change of 
plans. Possibly he didn’t trust the informer. 


The 1984 Olympics 


Federal and local agencies went all-out on this one, 
to assure security and to forestall terrorists. Before 
any direct security measures went into effect, there 


100 


was an effort to penetrate terrorist groups and 
discover their plans. The result was exaggerated and 
alarmist “information,” some accounts suggesting 
that terrorists were preparing an all-out assault on 
the Olympics. Others even pin-pointed some of the 
“safe houses” that the terrorists were planning to 
use., As a result, state, federal, and local governments 
spent over $100 million to safeguard the events. 
After the events were over, the police congratulated 
themselves, saying their massive security measures 
had deterred the terrorists. 


Evaluating what really happened isn't as difficult 
as it might seem. While it's impossible to prove 
definitely there never was a terrorist threat, or to 
conclude there was no deterrent effect, some 
informed guesswork can shed some light on the 
subject. Deterrence seems a poor explanation. 
Terrorists have driven truck-bombs into camps filled 
with combat-ready U.S. Marines, and carried out 
other attacks against military forces in well- 
defended positions. It seems unlikely they would fear 
police SWAT teams. There has been no attack on 
Olympic games since Munich in 1972, which shows 
that terrorists don't view the games as suitable 
targets. 

It seems more likely that police over-reacted to bad 
information, and exaggerations by agents seeking to 
justify themselves. Part of the explanation also has to 
do with empire-building. Some police administra- 
tors find that releasing “information” of a new and 
severe threat to the civil higher-ups helps to get 
them increased funds for their departments. 


Empire-building 


One state police officer. told candidly of his 
superior's talent in this regard. His superior often 
ordered him to ghost-write reports to present to the 
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governor, outlining a new threat to justify an 
increased appropriation. Drawing upon information 
from undercover agents, which included defectors, 
this officer would carefully select the ones that gave 
the most alarming picture and weave them into a 
compelling narrative of imminent danger. This tactic 
was very successful over the years, partly because the 
empire-building police executive showed good 
judgement in keeping his claims in proportion, and 
did not make any claims that could be definitely 
proved wrong and embarrass him later. 


Such techniques are common. They involve 
avoiding any definite predictions that can rebound 
when they don’t come to pass, and using vague and 
weaseling language to infer a threat, rather than to 
define it sharply. Qualifying phrases, such as “may 
happen soon,” “vulnerable to attack,” and “capability 
to strike” are very useful in a report, because it's 
hard to pin anything down, and the official can avoid 
having to put up or shut up. 

Sometimes bad information is obviously bad, but 
police officials and others accept it credulously and 
uncritically, and build upon it. One outstanding 
example was the threat to contaminate the Chicago 
water supply with LSD during the 1968 Democratic 
Convention. This caused a furor, and officials took it 
at face value. A simple calculation would have 
disclosed that to contaminate the water supply of a 
city as large as Chicago would require more than the 
entire world supply of LSD! 

What does this mean to you? How can you 
safeguard yourself against bad information and 
exaggerations by those seeking to enhance their 
value to you? 

First, do your homework. When something seems 
unclear, or especially outlandish, question the basic 
assumptions. In the Chicago incident, officials 
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assumed the people who said they would insert LSD 
into the water supply were able to do so, and nobody 
tried to work out the amount of the drug this would 
require, and try to discover if there was, in fact, 
enough of a supply available. A good dose of realism 
goes a long way toward getting an accurate picture. 


Scrutinize carefully your own attitudes and 
prejudices. The people who make a living at running 
undercover operations are skilled practical 
psychologists, and know how to take advantage of 
peoples’ personality quirks. They play upon peoples’ 
fears, and know how to feed their anxieties. Telling a 
client what he expects to hear is one way of assuring 
continued employment. 

To give a hypothetical but believable example, an 
employer who fears unionization may fall upon an 
investigator who, when he finds no evidence of 
union recruiting, digs deeper. He may tell the 
employer that the brother-in-law of one of his 
employees is a union official, or that another 
employee described what a union gained for himata 
previous job. This seems outlandish, but an 
employer who is so concerned about possible union 
activity that he takes illegal measures to check it out 
is ripe for this sort of exploitation. An investigator 
who tells him he has no cause for concern will be out 
of a job immediately. One who tells him there is 
danger is likely to win himself a lucrative contract to 
keep at it and ferret out other information. 


Avoid depending on someone else's conclusions. 
Try to scrutinize the raw information, rather than 
accepting “intelligence estimates,” and “information 
received.” Be cautious when you see breezy language 
such as “the smart money says that...” or 
“intelligence estimates.” Phrases such as these often 
are designed to conceal ignorance rather than reveal 
knowledge. Going to the source often clears the 
picture up dramatically. 


This can be difficult to do practically, because both 
police and private agencies are extremely reluctant 
to disclose precisely who are their informants and 
agents. However, reading the raw reports, if available, 
can often show where a possibility got changed toa 
definite fact in the rewriting. 


Compare different sources of information. If you 
hire a private agency to do undercover work for you, 
hire another one to duplicate the effort, keeping each 
ignorant of this redundancy. Compare the reports 
you get from each, and you'll soon see whether they 
confirm or contradict each other. Another step is to 
insert your own undercover agent as a check. You'll 
have direct access to his information, and be better 
able to evaluate it. 

Finally, use common sense. This means both using 
your head when evaluating reports and avoiding 
panic inspired by a threatening or sensational 
report. 


Sources 


1. Disruptive Terrorism, Victor Santoro, Port 
Townsend, WA, Loompanics Unlimited, 1984, pp. 65- 
78. 


2. Personal acquaintance of the author, who 
disclosed the nature of his duties on promise of 
confidentiality. 
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CONTROVERSIAL ASPECTS 
OF UNDERCOVER WORK 


There's a very sleazy side to undercover work, 
involving such practices as entrapment and planting 
of evidence. These are illegal in this country, unlike 
in some repressive regimes, but they still happen, 
and sometimes for the best motives. The chapters 
that follow will be fascinating, although undocu- 
mented. The topics are very emotional, which is one 
reason for the lack. Much of this information comes 
from rumors that float around the world of law 
enforcement and other sources, and agents and their 
supervisors simply don't put these activities on 
Paper. 

We shall see that, not only are these methods not 
included in reports, but the official paperwork 
contradicts them. They're mostly illegal, and to 
prosecute a case, it’s not only necessary to avoid 
tainting the evidence by admitting to illegal means, 
but the reports must show that the evidence is 
legally obtained. In other instances, officers and 
private agents use illegal means that are tangential 
to the evidence, as we shall see, starting with the first 
example, blackmail. 


BLACKMAIL 


Among the unsavory practices associated with 
undercover work is blackmail. The stereotypical 
image of career criminals victimizing a respectable 
person for a past mistake is only part of the picture. 
Both private and public officials use blackmail, in 
ways that are both subtle and heavy-handed. 


Some Americans are aware that certain foreign 
espionage agencies use blackmail to coerce officials 
of other governments to provide them with 
information. One early example was that of Colonel 
Alfred Redl of the Austro-Hungarian Army., Redl was 
a homosexual, and also had expensive tastes. 
Homosexuality isn’t quite accepted today, and 
usually is a disqualification for government service. 
At that time, before World War I, it was a criminal 
offense. The Russian intelligence service somehow 
found out about Redl's sexual preferences and 
blackmailed him. They used the carrot and stick 
approach, though, also paying him large sums of 
money to enable him to live the high life he craved. 


Austrian counter-intelligence agents caught Redl 
through routine surveillance, watching a suspicious 
General Delivery package at the post office. They 
witnessed him picking up this package, which 
contained a large sum of money. It didn't take long to 
wrap up the case from there. He never went to trial. 
Instead, he got an early counterpart of the modern- 
day practice of “dying of the measles.” A group of 
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army officers visited him and discussed the 
situation, leaving him with a pistol. Redl committed 
suicide, because officers and gentlemen at that time 
were supposed to do “the honorable thing.” 


Homosexuality, although widespread and almost 
traditional in certain official agencies such as the 
British Foreign Office, isn't as well tolerated in the 
military services, even today. One homosexual who 
ran into trouble was John Vassal, who inadvertently 
allowed the Russian KGB to photograph him at a 
homosexual orgy in Moscow. From that moment, he 
was theirs. He worked for them, passing them secret 
documents from the British Admiralty.2 


In Nazi Germany, the Sicherheitsdienst (security 
service), organized a very exclusive brothel for 
foreign dignitaries. Although this “Salon Kitty” 
specialized in “normal” sex, clients were open to 
blackmail because jealous wives don't take kindly to 
their husbands’ extra-marital activities.3 

It seems to be normal practice among the larger 
espionage agencies, with budgets that can afford 
such extravagances, to employ both males and 
females for “special services.” Diplomats stationed in 
Moscow, for example, can find attractive Russian 
citizens who are very friendly and quickly tumble 
into bed with them. It's hard to clarify how much of 
this is simply catering to unfulfilled needs, and how 
much is entrapment. There is no documentation as 
to who makes the proposition first. The result is the 
same, and only a few of these espionage targets are 
exposed. 

One was a French ambassador who cheated on his 
wife with an attractive Russian young lady, but the 
KGB handled the case in a clumsy manner and the 
effort came to light after the ambassador's return to 
France. There was a stormy scene in President de 
Gaulle's office. 


Entrapment is not the only way to acquire 
blackmail evidence. Other, technical means such as 
wiretapping serve well. 


Let's also not make the mistake of thinking that 
blackmail, sexual and otherwise, is the exclusive 
province of dirty, sneaky foreign agents, and that 
clean-living, clean-cut Americans would never stoop 
to such measures. One American organization that 
does this is a large corporation we all distrust and 
hate — the phone company. One telephone company 
executive testified that wiretap information was 
useful when putting pressure on public officials for 
rate increases. Among the information that 
telephone company tappers extracted from 
intercepted conversations was whether or not the 
targeted official had financial difficulties, or was 
carrying on an illicit affair., 


The telephone company also uses the carrot-and- 
stick approach that works well for espionage 
agencies. A city councilman with financial 
difficulties could often be persuaded by throwing a 
little business his way, as well as strong-armed bya 
telephone company negotiator making an oblique 
reference to his illicit affair. 

There have been other attempts at blackmail 
which have come to light. At the time Ralph Nader 
was stirring up the muck against Detroit automobile 
manufacturers, private investigators were digging 
into his private life to try to find something which 
could be used as leverage to shut him up. 


We don’t know how widespread blackmail is 
among private investigators. The few examples 
which have come to light are surely only the tip of the 
iceberg. Political campaigns are often very dirty, with 
candidates employing private investigators to dig up 
any dirt about their opponents. The Hollywood film 
The Best Man was a fictionalized version of this 
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practice. Most of the real-life counterparts remain 
unseen, because victims usually give in rather than 
expose the blackmailers and themselves. 


There have been documented examples of 
government-run blackmail brothels. So far, there has 
been no privately-run one exposed. Perhaps one of 
these days there will come out a case of an 
enterprising private investigator setting up a brothel 
to gather information generally, in a “fishing 
expedition.” Scanning his list of “clients,” he can 
determine which names are likely to be profitable, 
and seek out the person's political enemies to sell 
them the information. 


Thus, we see that blackmail isn't necessarily for 
personal profit. While career criminals who come 
across or create damaging evidence do it to extract 
money from the victim, corporations and 
government agencies use blackmail for other 
reasons. 


This has had an effect on recruiting practices and 
security screening. Security officers, when they 
investigate applicants, take an interest in possible 
subversive connections, and also a shady past that 
might open up the subject of blackmail. They watch 
for continuing tendencies such as homosexuality — 
not for reasons of prudery but because they know 
from experience that this can be exploited to put 
irresistable pressure on a targeted individual. 


Among the more enlightened agencies, such as the 
CIA, there's a viewpoint that many people have 
shameful incidents and backgrounds, and that it's 
best to face it and deal with it than to leave it 
unresolved. An employer who knows about an 
unsavory fact in an employee's life and doesn't use it 
as a disqualification can actually protect his 
employee from blackmail. The victim knows that this 
fact can't be used to ruin his career, and this makes 
him less vulnerable. 
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Employees in sensitive positions receive security 
briefings, during which they're warned about 
possible attempts to blackmail them, and the means 
by which blackmailers can entrap them. They're 
warned, for example, about sexual liaisons in foreign 
countries. Security officers emphasize that if there is 
a blackmail attempt, they should immediately report 
it, no matter how damaging the information might 
be. In the enlightened agencies, policy is that the 
blackmailed employee will receive special 
consideration if he reports the incident to his 
superiors. They go easy on him because it's less 
damaging overall to confess immediately than to 
comply with the blackmailer's wish to start a career 
of betrayal. 


Sources 


1. Spies & Spymasters, Jock Haswell, London, 
Thames & Hudson, 1977, pp. 107-108. 


2. The Making of a Spy, Raymond Palmer, Crescent 
Books, 1977, pp. 84-85. 


3. Spies & Spymasters, p. 141. 


4. The Private Sector, George O'Toole, New York, W.W. 
Norton Company, 1978, p. 70. 
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ENTRAPMENT: 
A POST-GRADUATE COURSE 


We've already seen that entrapment is not allowed, 
as it taints the evidence. The judicial rules are quite 
strict and explicit about how far the undercover 
officer or private agent can go in dealing with a 
suspect. Nevertheless, entrapment occurs. Very little 
of it is documented, for obvious reasons. There are 
basically two ways to entrap a suspect. 


The first is for the officer to make the solicitation 
himself, and then offer perjured testimony in court. 
This way is simple, and saves a lot of time in an 
undercover investigation. It's very hard for a suspect 
to prove he was entrapped when the case comes to 
trial. Usually, it's his word against the officer's, and 
the court usually accepts the officer's version. 


The second way is indirect, and amazingly enough, 
is documented in a book by a retired U.S. Secret 
Service Agent., This method has the undercover 
agent working in tandem with an informer. The 
agent never makes any solicitation, because he 
knows he must be prepared to testify truthfully to 
what he did and said. 

Instead, the informer sets the scene, telling the 
suspect beforehand that the agent is seeking drugs 
or other contraband, or is willing to participate in 
the crime. This prepares the agent to come on stage 
quite innocently, and accept the solicitation offered 
by the suspect. 


Entrapment is a short-cut, and it sometimes 
backfires. If it does, the result can be a large lawsuit, 
and even criminal prosecution. However, there's no 
way of knowing how many instances of entrapment 
go well for the agent, helping him to perfect his 
technique and encouraging him to do it again at the 
next opportunity. 

Entrapment is a classic secret-police technique. 
Government agents who infiltrate political groups 
often suggest they do something illegal, exposing 
them to prosecution. The reason this is common, is 
the method of “working” the case. This involves 
“setting up” the target individual or group, and can 
also apply to non-political cases. The infiltrator is 
actually an agent-provocater, who suggests that the 
group do something illegal, such as robbing a bank 
or committing sabotage. This is entrapment to a 
higher power. He helps in the planning, and may 
even go along with the execution. Of course, he’s kept 
his control informed, and when the deed comes 
down, the police are waiting. If the group has tight 
security, the agent must be arrested along with the 
rest of them, to avoid suspicion. Later, the police can 
arrange for the agent to “escape,” so that he can 
continue his work. 


An extraordinary case of an agent-provocater that 
came to light was that of Ilevno Azeff.. This man was 
an agent of the Ochrana, the Czarist Russian secret 
police. He not only worked as an agent-provocater, 
but engineered the murder of his boss. 

Having started out in life as a common criminal, 
he fled Russia to Germany, and after awhile offered 
his services to the Ochrana as an infiltrator of rebel 
Russian expatriate groups. He posed as a 
revolutionary, meanwhile collecting names and 
reporting the activities of the groups to his masters 
in the Ochrana. 
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Apparently he had much success, and was well- 
accepted by these groups. He returned to Russia to 
infiltrate the local terrorist groups, posing as an 
ardent activist. Among the feats he carried out was 
the assassination of the Grand Duke Sergei. In 1905, 
he participated in the fatal bombing of Plehve, the 
Czarist Minister of the Interior who was over the 
Ochrana. In one sense, this assassination was a 
result of the Byzantine politics of the Czarist 
government, because Azeff's control was in on the 
plot, and could have prevented it. The reason he 
didn't was a classical case of empire-building, as he 
wished to demonstrate the need for his department, 
and obtain increased appropriations. 


This case served as a prototype for others. An 
ambitious secret police chief, seeking more power 
and recognition, is never going to make it if there's 
no demonstrable threat. A sleepy, peaceful political 
opposition isn't a credible threat and doesn't justify 
a massive investigation. It helps to have a few 
bombings and killings. 


One way to arrange this is to infiltrate undercover 


agent-provocaters. Their role is clearly not to gather 
evidence, but to make things happen. Even if the 
movement is peaceful, the agents can start an 
“activist” faction, oriented toward violence. In any 
group, there are always a few hotheads, impatient 
with the slow pace of progress, and who can be re- 
directed towards more direct action. 


This is one of the safest undercover activities, 
because the agent-provocater never has to break his 
cover to give evidence in court. He never has to take 
risks to gather evidence. His function is merely to 
incite, and to pass on the information to his control. 
For these reasons, such an agent is rarely exposed. 

The same pattern applies in private investigation. 
It helps to “build up” the importance of a case. An 
ambitious security chief can fake an incident. One of 


the possibilities is to plant a bomb, one that doesn't 
do much damage but that highlights a “terrorist” 
threat. The corporate executives, alarmed by this 
event, will more readily give him the means to 
increase his department's size and importance. 
Engineering such an event requires some fine 
judgement, because it can also backfire. The top 
management may conclude that the outrage 
occurred because of the security director's 
incompetence, and replace him. 

In the public sector, one such incident that came 
to light, to the embarrassment of the Los Angeles 
Police Department, was at the 1984 Olympics. After a 
long build-up of security measures, with copious 
publicity, the Olympic Games seemed anti-climatic. 
SWAT teams were deployed, ready to cope with 
terrorist attacks, but nothing happened. The only 
noteworthy violent event was that of a motorist, a 
psycho, running down people by driving on the 
sidewalk, something unconnected with the games 
themselves. The ambitious police officer who planted 
the fake bomb sought to gain recognition, but was 
quickly discovered. 

There's no way of knowing how many instances of 
provocation have happened, because this is the most 
deeply-covered clandestine activity of all. Much 
depends on the ambition and ethics of the secret 
police chief, or the owner of the private investigative 
agency. As we've seen, some of them have no ethics at 
all. 


Sources 


1. Undercover, Carmine J. Motto, Springfield, IL, 
Charles C. Thomas, Publisher, 1971, p. 82. 


2. Spies and Spymasters, Jock Howell, London, 
Thames and Hudson, 1977, pp. 106-107. 
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INDUSTRIAL ESPIONAGE 


Seeking out information on a competitor's 
materials, products, and trade secrets can produce 
profitable results. Normally, “everybody does it.” 
Usually, it's by perfectly legal means. 

It's not a crime to read a_ competitor's 
advertisements, to attend trade shows and inspect 
his products, or to ask his customers how satisfied 
they are with his products or services. This is normal 
industrial intelligence and many large and small 
companies do it. Some have special departments for 
this, and don’t bother to hide them.; 


It's easy and legal to buy a few shares of a 
competitor's stock, in order to be on the distribution 
list of his stockholders’ reports and to attend 
stockholders’ meetings. Reading the business 
section of the newspaper is another way of gathering 
open intelligence about a competitor. So is buying a 
sample of his product and analyzing it. Sometimes, 
however, the intelligence-gathering crosses a hazy 
line to unethical and even illegal practice. 

Hiring away a competitor's help is one way of 
getting the “inside story.” The one who does it calls it 
“aggressive recruiting,” while the victim calls it 
“pirating.” It all depends on your point of view. 


Sometimes, the hiring away can be for the express 
purpose of wrecking the competitor. 
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Going further, there are spurious job offers, placed 
by dummy corporations or even real ones, aimed at 
interviewing the competitor's employees. The offer 
can be made to seem generous enough to attract 
attention, and once the employee is in the interview, 
it's easy to ask him about his current job in great 
detail, in the guise of probing his qualifications. This 
is an old trick, but it sometimes still works. 


Many employees are sophisticated enough not to 
fall for this. Others are constrained by secrecy 
agreements, non-disclosure clauses in_ their 
contracts. The employer obliges a new hire to signa 
statement that he will not disclose sensitive 
processes while he's employed, or for a specified 
number of years after he leaves. These agreements 
have held up in court, and there have been lawsuits 
for breaking them. 


This sort of agreement applies even to the 
employee who breaks off to start his own business. 
Breaking off from the “parent” company is common, 
and many new companies have started this way. 


Light Cover 


Another way to obtain a competitor's high-tech 
secrets is to pose as a potential buyer. One way to do 
this is through a dummy company, but this is 
shallow and can't stand up to even a superficial 
investigation. A better way, one that involves no 
conflict of interest, is through the “old boy” network. 
An executive who wants information about a 
competitor can make use of a friend or old school 
chum working for another company that is or might 
be a customer of the competitor's. In that position, 
the friend can ask about the technical specifications 
of a forthcoming piece of equipment, and might even 
get them if he's highly regarded. Simply keeping his 
eyes and ears open can do wonders. 
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Typically, customers receive invitations to visit the 
plant, and get guided tours which can Iast all day. 
This provides an important opportunity for a highly- 
trained technician or engineer to winnow out 
industrial secrets. A small detail that would tell a 
layman nothing can be very revealing to the trained 
eye. 

There can be payment for this sort of informal 
arrangement, and the transfer of money isn't always 
compromising. It doesn’t have to be in cash. Gifts of 
material goods, paid vacations at company expense, 
and country club memberships are all ways of 
arranging this discreetly. 


Infiltration 


This means placing an undercover agent into the 
competitor's organization. This can be very difficult, 
because unlike infiltration into a company by 
invitation, there's nobody to help, and there surely 
will be security measures to keep infiltrators out. An 


employee can apply at the competitor's company, 
where he might be received one of two ways. He 
might be seen as a potential source of information, 
milked thoroughly while being kept at arm's length 
from any proprietary information, or he might be 
refused outright. A safer way is to recruit someone 
who is not an employee, through conventional 
channels. Classified ads for the same position that 
the competitor has open will attract the same group. 
The most likely one can be the subject of the 
proposition: “Take the job with them, but work for 
us.” 

The problem with this approach is finding the 
person who is both willing to do it and most likely to 
be hired. They don't often coincide. If they do, and 
the plan succeeds, the normal undercover rules 


apply. There are two paychecks, methods of secret 
communication, etc. 


Getting an infiltrator or agent into place is chancy. 
It's much easier if he’s already there. 


Suborning 


Suborning a competitor's employee is simple, but 
can become very involved. Basically, it’s trying to 
recruit a defector. It’s true that an employee who 
“comes over” can reveal a lot about the competitor's 
processes and trade secrets, but his change of 
employment is in the open, and his former employer 
will be watching carefully to detect any breach of 
security. Also, his information dates from the day he 
leaves, and becomes progressively obsolete. 

Keeping him as a defector-in-place is more 
rewarding for both parties. The employee continues 
to collect his paycheck, and now has another source 
of income. This can be an embarrassment if he’s not 
discreet, and can be proof that will stand up in court 
if there's ever a prosecution. One way of avoiding this 
is for the company doing the espionage to form a 
dummy company and hire him as a “consultant,” an 
old dodge that works very well. Keeping everything 
“on the books” avoids complications with the 
Internal Revenue Service, and provides a plausible 
explanation if the defector decides to do some high 
living. 

If the defector's level-headed and discreet, he can 
ask to have the money deposited in a foreign 
account, as a nest-egg for retirement. Alternately, he 
can have one of his family hired by the dummy 
company, as a cover for the income. There are all 
sorts of permutations of payment that can arrange 
the transfer of money without detection or arousing 
suspicion. 
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Illegal Means 


Breaking and entering is not common, but does 
occur. This is very direct, and apart from the 
prospect of getting caught, lets the competitor know 
that someone's after his secrets. While it doesn't take 
much sophistication to try to camouflage the break- 
in as an ordinary burglary for profit, it takes no great 
intellect to see through this trick, either. 

Modern industrial plants have many concentric 
layers of security. There are perimeter fences, guard 
patrols, door locks, door and window alarms, infra- 
red, sonic, and capacitance sensors, and finally, 
sophisticated safes for vital documents. None of 
these is impenetrable, but together they're powerful 
deterrents. This is why B & E is far less common 
than legal means of stealing industrial secrets. 


Sources 


1. The Private Sector, George O'Toole, New York, W.W. 
Norton Company, 1978, pp. 50-52. 


2. Several years ago the author worked as a 
technician in a small shop that had only two large 
accounts. The author, at that moment, was the only 
technician, and the accounts needed daily servicing. 
A phone call from a competitor resulted in a job offer. 
The author explained that his leaving at such a 
critical moment would paralyze his employer, losing 
him his accounts, but this didn't seem to bother the 
person trying to hire him away. It wasn't hard to 
calculate the real purpose behind the job offer, and 
was even possible to guess how long the new job 
would have lasted once the former employer was out 
of business. 


METHODS OF PAYMENT 


Paying informers has its drawbacks, as we've 
noted. Sometimes it’s necessary. In certain 
instances, there’s an active program to pay 
informers because this is one way to get responses 
and other choices are very unproductive. 


One such program is the “turn in a friend” 
operation used by the Internal Revenue Service. This 
involves paying up to ten percent of the taxes 
recovered to a snitch who informs the IRS of a case of 
tax evasion. As the IRS keeps this activity's success, 
or lack thereof, a deep secret, there’s no way of 
evaluating how useful it really is. 


Another “informing for pay” program is one run 
jointly by the Federal Drug Enforcement 
Administration and local police agency narcotic 
squads. The DEA fronts the money, and the local 
agency does the donkey work. 

The first step is to place ads in newspapers, 
offering up to five hundred dollars for information 
leading to the arrest of a drug producer or dealer. 
The offer includes a promise of confidentiality. The 
ad gives an 800 number to call, which is manned 
twenty-four hours a day. 

The police, when they get a call, don't ask for the 
informer's identity. They assign him a number, and 
instruct him to call back, giving that identifying 
number, in a couple of weeks, after they've had the 
time to follow up on the lead. 
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If the lead is valid, the police determine the 
amount of payment, and when the informer calls 
again, they decide on a method of delivery. If the 
caller wishes, a police agent will meet him and hand 
over the money when he identifies himself with his 
number, and will not seek to follow him or discover 
his identity. 

In the case of a very suspicious caller, the police 
will even consent to leaving the money at a “dead 
drop,” where the informer may pick it up after the 
police agent has left. The police “play it straight,” 
knowing if they betray the trust, the news will get 
around and compromise the whole program. 

It often happens that the informer's motivation is 
not only profit. The caller may be a drug trafficker 
himself, using the police to eliminate a troublesome 
competitor. This is the irony. The police, by acting on 
the information received, make an arrest and 
thereby increase the trade of another trafficker, 
meanwhile paying him in cash for his information. 

Another irony is that this anonymous cash 
payment enables the informer to avoid paying the 
income tax due on it. The informer gains because the 
IRS turns a blind eye to this practice. 

How effective is this sort of program, whatever the 
moral issues? The police don't publish their track 
records regarding informer programs, but the 
available information, based on off-the-record 
statements by police officers, direct observation of 
the results gleaned from some such information, and 
the overt evidence of the increasing drug trafficking 
in this country, suggests that the results are poor., 

The reality is that police narco units spend a lot of 
man-hours following up bad leads. Of course, a bad 
lead results in no payment, but the police do spend 
the man-hours. It’s hard to imagine a less risky way 
of wasting the time of the narco units than phoning 


121 


in bad leads and sending them on wild goose chases. 
With an 800 number, the caller doesn't even pay for 
the call! 

One state police force has an aerial reconnaissance 
program for spotting marijuana from light planes 
and helicopters. A highly-trained narco agent and a 
pilot fly from six to eight hours a day during the 
growing season to try to spot “gardens” of marijuana 
plants. The agent, reading from “tips” in a small 
notebook, directs the pilot to various sites for a close 
observation. This activity is mostly unproductive, 
because in three years, this agent has spotted only 
28 gardens from the air. One obvious conclusion is 
that growers phone in “tips” to keep the agents busy 
chasing ghosts while they continue to grow their 
plants undisturbed elsewhere. 

It isn't surprising that the police often find 
themselves second best in the game of wits. They 
sometimes say that criminals are dumb, but the 
great number of crimes and the low rate of clearance 
suggest otherwise. 2 

It doesn't take much imagination for a drug dealer 
to gather information about a competitor and phone 
it in. Even one without an extraordinary intellect 
may think of “planting” evidence that the police will 
find. The police, acting on the information in good 
faith, find the evidence and make what they see asa 
valid arrest, never realizing that the affair was a “set- 
up.” 

A very controversial and strictly sub rosa method 
of payment is in drugs. Police sometimes hold back 
drugs from seized evidence, and divert it to 
supplying some informers. This is an outgrowth of 
“walking around money” that the police often pay to 
their informers. 


Strictly speaking, this is not a reward, but a 
maintenance payment. The informer incurs 
expenses, and may not be able to meet them out of 
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his own pocket. If he’s an addict, maintaining him is 
a logical way to keep him functioning and producing 
information. The police detective doles out enough to 
him to feed his habit, but not enough to enable him 
to deal, unless this is a requirement of the case. 


Sources 


1. Undercover, Carmine J. Motto, Springfield, IL, 
Charles C. Thomas, Publisher, 1971, p. vii. The 
author, retired U.S. Secret Service Agent, states that 
a 30% or 35% success rate in undercover operations 
would be an exceptional performance. Although he 
refers to counterfeiting, this figure can apply to other 
types of undercover work. It's almost certain that the 
figure would be much lower in other instances. 
Counterfeiting and the theft of securities involve 
documents, pieces of paper which the criminal must 
convert into cash. Thus, he has to come out into the 
open, even if only momentarily. Drug trafficking is all 
clandestine, and for this reason much harder to 
trace. Speculating on the success rate of narcotics 
enforcement officers can’t be more than guesswork, 
but the probability is that the percentage is 
appallingly low. 

2. Uniform Crime Reports, Federal Bureau of 
Investigation, Washington, DC, U.S. Government 
Printing Office, any year. An almost-forgotten study 
popularized in a national news magazine at least two 
decades ago showed the results of LQ. testing among 
a sample of penitentiary inmates. The average 1.Q. 
was 83, dull-normal and almost down to the moron 
level. The study purported to “prove” that criminals 
are stupid, but in fact it didn’t. What it proved was 
the mental level of criminals who were caught by the 
police and successfully prosecuted through the 
leaky, creaky criminal justice system. We can 
speculate about the intelligence of those who don't 
get caught. 
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PLANTING EVIDENCE 


Years ago, a newspaper reporter in a college town 
that was experiencing some peace activism during 
the Vietnam War era was offered a five-dollar 
“baggie” of marijuana under strange conditions. He 
was visiting the local Salvation Army office, where 
the office manager, new in the post, was to supply 
information about a food drive he wished to 
publicize. The manager pulled a baggie out of his 
desk and told the reporter that it had been given to 
him by a man the reporter had met during the 
course of his work, and who was allegedly an avid fan 
of the reporter's. The baggie was supposed to be a 
token of his esteem for the quality of the reporter's 
photographs. 

The story sounded strange. The reporter was 
suspicious. He knew the office manager had told him 
that he had recently come from Guam, where he'd 
been stationed as a civilian employee of the U.S. 
Army, and had assumed the job with no previous 
experience in the field of social work. 

This was the era when local and Federal agencies 
were infiltrating the “peace” movement, and the 
reporter, although he was not part of it, had many 
contacts within the local peace movement. He 
suspected he was being “set up,” and that if he 
accepted the marijuana, he might well be arrested 
after leaving the office and coerced into providing 
information in return for the dropping of charges. 
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This reporter did not normally smoke marijuana, 
and really didn't want it. He flushed the contents of 
the baggie down the toilet in the manager's presence, 
and walked away from the encounter. Within a year, 
the manager disappeared as suddenly as he'd 
arrived, confirming the reporter's suspicion that he 
was an undercover agent-provocater., 

Planting evidence is perhaps not as common as it 
was years ago, but it's an effective method to 
cultivate an arrest or to get a “twist” on a potential 
informer. In human terms, it’s easy to understand a 
police officer, exasperated by a suspect whom he 
“knows” is guilty, deciding to help his case along by 
planting evidence. 

In the police subculture, there's a widespread 
belief that the law, the courts, and the rest of the 
criminal justice system are designed expressly to 
frustrate police officers in their efforts to neutralize 
criminals. Police tend to be impatient with the legal 
safeguards provided by the U.S. Constitution, 
because they see that, although the small offender is 
relatively easy to prosecute, the sophisticated big- 
time operator knows every loophole the laws allows, 
and has an attorney who takes full advantage of 
them. 


In this light, police investigators are often tempted 
to take short-cuts, to tamper slightly with the 
evidence, to make a case. This remodeling may be as 
mild as perjury to establish “probable cause,” or it 
may be an outright planting of evidence. 

In criminal cases, there may be more than one 
reason to plant evidence. The obvious one is to be 
able to “bust” a suspect for possession of 
contraband, or to be able to provide evidence of guilt 
on a specific charge. 

The second is to hamper the suspect's activities. 
Some states have laws that stipulate that police may 
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confiscate any goods or instruments used ina crime. 
In the case of illegal substances, such as drugs, the 
connection is obvious and clear, and affords the 
police their best opportunities. 

A police officer who finds drugs in a car can make 
a case that leads to confiscation of that car. An 
aircraft used in drug smuggling is also liable to 
confiscation, if an officer finds drugs in it, no matter 
what the quantity. Taking a drug dealer's car or 
airplane imposes a hardship on him, and puts a kink 
in his operations, as well as giving an open window 
to a criminal prosecution. 


What happens to the confiscated items is the most 
interesting aspect. Many under-budgeted enforce- 
ment units welcome the acquisition of a car or 
airplane to help them in their efforts. A car can be 
useful for shadowing, especially if it's a different 
make and body style than the unit's vehicles. Many 
narco detectives and undercover agents make good 
use of confiscated vehicles. An aircraft is useful for 
spotting marijuana fields from the air, and in fact 
several narco units use confiscated aircraft for this, 
as well as some procured through the normal 
budget.2 


Money and drugs seized are useful for subsidizing 
undercover operations. They serve to pay informers, 
who collect both in money and in drugs. Although 
not legal, officers sometimes make subsistence 
payments in drugs. In other instances, they can use 
a seized supply of drugs to make a “sale.” 

Under some state laws, outgrowths of the Federal 
“RICO” (Racketeering Influenced and Corrupt 
Organizations) law, the proceeds of crime are subject 
to confiscation, to take the profit out of crime. When 
law officers can apply this, it's very effective and can 
cripple an illegal operation, leaving the defendant 
without enough funds to pay for a lawyer. 
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Planting evidence is useful in_ private 
investigations, too. While it's illegal to investigate 
union activities, a private agent can work for the 
ostensible purpose of uncovering a theft ring, 
substantiating his operation by planted evidence. A 
company president who fears unionization can hire 
an undercover agent to plant evidence of theft 
among the union organizers. This gives good “cover” 
for an investigation resulting in dismissal of the 
employees, and even prosecution. 

None of this goes down on paper, of course, to 
prevent any legal complications later. Thus, we see 
that an undercover operation can run on several 
levels, have wheels within wheels, one layer 
concealing the ones beneath. 

Planting of evidence isn't limited to law officers or 
company officials. Members of a theft ring may plant 
evidence on an innocent party to draw suspicion 
away from themselves. There may not even be any 
criminal activity. In company politics, there’s often 
sharp rivalry between upward strivers angling for 
favor or promotion. Planting evidence is a way of 
discrediting a competitor. This technique can have 
many subtle variations. 


A machinist, his eye on the foreman's job, may slip 
a defective piece or two into a bin of parts turned out 
by a rival for that job. Leaving the classified section 
of a newspaper open to the employment ads on a 
rival's desk for others to see can “incriminate” him 
indirectly, suggesting that he’s job-seeking. 

We see that there are endless possibilities of 
abuses in undercover work, many ways of 
circumventing the law effectively to gain an 
advantage and to fabricate a case. Because a cover- 
up is an essential part of such an effort, there’s no 
way to estimate accurately how widespread these 
illegal practices are. Using the “tip of the iceberg” 
theory, we can assume that, for every one exposed, 
there are many that remain deeply in the shadows. 
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Sources 


1. Personal knowledge of the author. This example, 
with its uncertainties and guesswork, illustrates 
perfectly the shadowy world of undercover work. 


2. A member of a sheriff's department revealed quite 
candidly that he and some others on the staff were 
quite eager to procure an aircraft or two for the 
department, as they had in the past. Previous 
aircraft had been confiscated from drug smugglers, 
and served the sheriffs department well for aerial 
surveillance. Some time after this discussion, the 
sheriffs department was involved in two unsavory 
affairs dealing with planted evidence and 
entrapment, but it still hasn't managed to seize an 
aircraft. 
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BOWING OUT: 


TERMINATION OF THE 
ASSIGNMENT 


Once the case is closed, what to do with the agent 
becomes a question that needs a shrewd answer. In 
certain instances, it answers itself. The undercover 
agent who testifies in court blows his cover. This 
happens in cases where prosecution is more 
important than retaining the agent in place. 


Where there’s no imperative to expose the agent, it 
may be advisable to keep him running. In an 
employment misconduct investigation, the agent 
doesn’t necessarily suffer exposure, and it's almost 
certain that there will be more cases to investigate in 
the future. A bonus is that the longer the agent stays, 
working discreetly, the deeper and more 
impenetrable his cover becomes. 


In some instances, the agent terminates himself 
through stupidity and clumsiness. As discussed in 
the chapter, “Getting Down to Cases,” the under- 
cover agent who told the boss that he'd have his 
resignation after the union election blew his cover, if 
he had any left, right then. This agent was clumsy 
and emotionally unstable, trying to lead a life that 
conformed with his adventurous and conspiratorial 
fantasies. 


A sudden departure at the conclusion of the 
assignment can only lead to suspicion. This doesn’t 
affect the current case, but if there’s any future need 
to insert an undercover agent, it will be more 
difficult. 
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The agent who stays in place can report on the 
after-shocks of the dismissals or arrests. He can also 
try to uncover any persons who were not detected in 
the first phase of the investigation. Sometimes, 
disposing of a criminal ring creates a vacuum, and 
someone else steps in to fill it. These are good 
reasons for trying to keep the agent in place after the 
immediate assignment is over. Some companies 
have permanent undercover agents as a matter of 
course, just aS some government intelligence 
services maintain “sleeper agents” who don't do 
anything until activated. Keeping an undercover 
agent as a “sleeper” can be expensive, but in the long 
Tun, it facilitates quick reaction if a problem comes 
up. 

The sleeper protects his security by being inactive. 
During this phase, which can last for years, he 
makes no contact, conducts no investigation, and 
doesn't risk exposing himself. 

Activating a sleeper can come about in two ways: 
the control can contact him with new instructions; 
or he can activate himself if he comes across 


something which deserves attention. In such a case, 
there's a pre-established method of contacting the 
control to explain the situation to him and receive 
instructions. 


In some instances, extreme measures become 
necessary to protect the agent's usefulness. Carmine 
Motto, an undercover Secret Service Agent, was 
“arrested” along with others to protect his cover.; 

Engineering an “arrest” involves long-term 
planning. The agent may have to spend time in jail, 
awaiting trial or the opportunity for a rigged 
“escape.” Trial and conviction, resulting in a prison 
sentence, can cement the agent's relations with his 
criminal associates, by utterly dissolving suspicion, 
but few people are willing to spend years in prison 


for what's basically just a job. That is why this 
method isn’t practical to carry to its logical 
conclusion. 

If it's necessary to withdraw the agent, timing and 
method are important. In any situation, the agent 
can leave for “family” reasons, such as a death or 
sickness of a distant relative. Meeting or 
reconciliation with an ex-wife or old girl-friend can 
be a useful cover motive. He can even arrange to be 
“fired” or “laid-off’ to explain his departure. A new 
“job” far away also serves to smooth his leaving. 


The need for finesse doesn't end with the 
assignment. Bowing out gracefully is important, 
both to protect the agent and future prospects. 


Sources 


1. Undercover, Carmine Motto, Springfield, IL, 
Charles C. Thomas, Publisher, 1971. The 
frontispiece shows Mr. Motto, looking seedy and 
disreputable, in a photograph taken by police at his 
arrest. 
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DEFENSIVE MEASURES 


Because of the widespread illegal use of 
undercover techniques, it’s necessary to cover ways 
of defense, to give a potential victim the means of 
avoiding entrapment, “framing,” and other dangers. 
You may feel you lead an honest and straight- 
forward life, and therefore are immune to such 
nefarious practices. Not necessarily. We've seen some 
examples of how people innocent of any crime may 
be victimized to serve someone's purpose. Let's run 
over a few examples of how and why you might be 
vulnerable: 

™® You might become a suspect in a criminal 
investigation, although completely innocent. 
Anyone who works for another can't be certain that 
all his fellow employees are as honest as he is. If 
there's some illegal practice where you work, you can 
be sure of becoming a possible suspect, unless and 
until an investigation clears you. 

@ Watergate. This conspicuous example of double- 
dealing in politics serves as a warning to anyone 
seeking political office. While the degree of guilt or 
involvement of some of the participants is still open 
in some people's minds, there's no doubt that some 
illegal methods came into play, including burglary 
and bugging. 

@ Framing by a criminal, to misdirect attention, or 
to eliminate you as a rival. 
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@ Industrial espionage. If you're an executive for a 
large or small company, you know the opportunities 
for profit inherent in stealing another's proprietary 
processes. If a rival firm can discover the technical 

- details of a new process or invention before the 
inventor can patent it, it saves the cost of 
independent research. Similarly, automobile and 
fashion designers are always itching to find out what 
their competitors are doing, and routinely employ 
agents for this purpose. 

® Blackmail. If you have something you want to 
keep quiet, this makes you a potential target for a 
blackmailer. There's every reason to assume that 
blackmail is much more common than the record of 
official prosecutions shows. Victims have great 
incentive not to report the attempt to the police, and 
to comply with the blackmailer’s demands. 

® Union activities. Espionage and undercover 
work are on both sides of this explosive issue. 
Companies use spies, and unions often use similar 
methods to gain an advantage. If you work for a 
company being organized by a union, or with one 
already present, you'll find it hard not to get caught 
in the middle. You'll find yourself being tested by 
both sides, to discover where your loyalty lies. 

@ An “inside man” for a burglary or robbery ring. If 
you're in a line of business in which there are items 
worth stealing, such as furs, drugs, electronic 
equipment and jewelry, you may have an applicant 
who is really an “inside man” for a criminal gang. His 
real job will be to “case” the layout, and report back 
to his accomplices. He'll be looking carefully at your 
doors, windows, alarm systems, safes, and schedules. 
Such an “inside man” is virtually undetectable. 


Defensive Measures 


Let's start out by stating the obvious: there are no 
100% _ effective defenses against undercover 
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penetration, and the effort involved sooner or later 
passes the point of diminishing returns. There are 
various means to reduce the threat, but no absolute 
barriers. The best course is to take some defensive 
steps, in order not to make it too easy for an 
undercover agent. Going to an extreme can take up 
all your time, have you suspecting all your friends, 
associates, and employees, and significantly impair 
your other activities. 

The level of your defenses will depend on who you 
are and what your situation is. You'll want to be 
more careful if you see yourself vulnerable, or if 
someone might have an incentive to use undercover 
techniques against you. If you're in one of the 
situations listed above, you have reason to be fearful. 

Defense against undercover penetration revolves 
around security techniques, some of which are 
simple, and others which may be too elaborate and 
costly to you. Some may even be unnecessary. Let's 
examine them one by one, and see how applicable 
they are to you. 

Need to know. This is one of the simplest to use, 
and costs nothing. Don't disclose sensitive 
information to anyone who doesn’t need to know it. 
One point to watch here is “bar talk,” as there are 
many secrets revealed under alcoholic lubrication. 

It's possible to go to extremes in this. An attitude 
of overt secretiveness will offend associates and 
employees. It's possible to deflect indiscreet 
questions without offending, and simply not 
bringing up sensitive topics will do the rest. 

A technique allied to need to know is 
compartmentalization of information. There's 
usually no need to spread sensitive information 
throughout the whole group. A company project may 
be broken up into fragments, all assigned to different 
departments, with only one or two at the top 
knowing the full extent of the project and its 
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progress. Limiting vital information to the few who 
need to know keeps it in bounds, and if there's a leak 
you have a ready-made suspect list. 


Compartmentalization helps both in limiting 
damage from leaks and espionage, and in pin- 
pointing the source if it occurs. A piece of 
information will be known only to a few in the 
organization, and these will be the ones to 
investigate if there's evidence that this piece of 
information has leaked. 

A further counter-intelligence technique is 
“feeding” information to a suspect and watching for 
results. An example is to tell one suspect that there 
will be a meeting at a certain time at a certain place, 
and then watch for surveillance or other reaction. If 
there is, the leak could have come only from the 
person to whom you gave this information. 


Counter-surveillance. This can work with 
“feeding.” Tailing or shadowing a suspect to see 
whom he meets can consume.a lot of time, but if you 
limit the surveillance to the period immediately after 
passing him a morsel of “hot” information, you may 
see him making a contact. 


This is a one-sided technique, because while 
positive information, e.g., catching him making a 
suspicious contact, is conclusive, negative inform- 
ation is not. If your suspect is a fellow union 
member, and you pass him some “hot” information, 
you may be able to follow him while he goes to the 
company president's house to deliver it. More likely, 
though, he'll make a phone call, and unless you 
happen to tap the phone he uses for this, you won't 
intercept the call. Negative evidence doesn't prove 
him innocent. 

Background checks on new employees. This 
doesn't have to be elaborate, but it's important not to 
accept anyone at face value. A basic step is to check if 
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the applicant really worked where he says he did. 
Often, it's possible to check references because you 
know someone who works at or owns the company at 
which the candidate claims to have worked. 

Often, because in a certain field everybody knows 
everyone else, it's possible to get “the word” on a new 
employee simply by asking around. A spurious 
applicant will stand out. 

A history of job-hopping, or a history that doesn't 
go back by more than a few months in your locale is 
cause for suspicion. Look very carefully for previous 
employment in a company that has had labor 
problems, theft, and other disturbances. This is an 
early warning that the new man may be a 
penetration agent. Anyone from _ out-of-town 
deserves special study. 

Be careful of new acquaintances. This doesn't 
mean treating them all with deep suspicion, but 
holding them at arm's length until you're satisfied 
they're trustworthy. Be especially careful of one who 
makes damaging admissions, and seems to be using 
the techniques of “roping,” which are subtle. 

In this regard, learn to be a sympathetic listener, 
rather than a talker. Many of us like to talk, and if we 
must, it's better to talk about a harmless topic such 
as sports or philosophy rather than a personal one. 

Just because someone's been accepted by a friend 
of yours doesn't mean he's trustworthy. Wait and 
exercise your independent judgement. 

Make it a habit to remain alert, not overtly so, but 
aware of what's going on around you. Learn people's 
habit patterns, and scrutinize behavior that departs 
from the norm. 

Watch your property, without making it obvious. 
Lock your car, and learn to look to see if anything has 
been disturbed when coming back to your office or 
home. Remember the way you leave things, and note 


if anything’s been moved. Use bits of dust or 
cigarette ashes to determine if anyone's opened your 
toolbox or briefcase. A staple or paperclip will tell a 
tale if it's not in the place you left it. 


Be careful when drinking. Choose your drinking 
partners carefully, and never get so drunk that you 
talk a blue streak. 


If anyone propositions you to do something 
illegal or unethical, be doubly careful. This is 
especially true if you're involved with a quasi- 
political activity, such as a mass movement or labor 
union. There are agent-provocaters out there, trying 
to lead people into exposing themselves to 
prosecution. 

This can be a double-edged danger. Agreeing to do 
something illegal can be damaging. Failure to report 
the attempt can also count against you. Some 
companies run this sort of “loyalty test” on their 
employees, and most of the sensitive government 
services do. One defense against this is to leave 
immediately whenever you find someone starting to 
proposition you this way. Don't let your curiosity 
overwhelm you. If you don’t hear the entire “offer,” 
you can later protect yourself by saying that you 
didn’t take the person seriously, or that you thought 
he'd had too much to drink, etc. Another counter- 
measure is to laugh, adopting a mocking manner. 
Remember that the conversation might be taped, 
and your manner and words will count against you if 
you listen seriously and take part in the discussion. 

If you become aware of someone doing anything 
dishonest, play it very cool. Don't let him know that 
you know, if possible, and don’t join him, no matter 
how tempting. 

Ina new workplace, keep your cards very close to 
your vest until you know who's who. An indiscreet 
remark could easily come back to haunt you. A 
sympathetic person might be the boss's brother-in- 
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law. Until you've been there awhile, you won't know 
who the boss's snitch is. In normal times, the 
“company men” are conspicuous. During 
management-labor crises, new people may be 
undercover agents. 

Be especially careful in emotional moments. It's 
very easy, on the job, to say something indiscreet 
during a moment of anger or frustration. It's also 
important to keep a low profile during group 
discussions, when many people feel inclined to speak 
up. The topic might be dangerous, and keeping 
silent or non-committal is one way of avoid 
gratuitous trouble. 

Trust your family before you trust outsiders. This 
is the principle that made the Mafia great. Blood is 
still thicker than water, in this turbulent century, 
and family members are less likely to betray you than 
non-relatives. 

Many “family businesses” operate this way, with 
the key slots reserved for relatives, even though 
“nepotism” is a bad word nowadays. 

Long-term friends are usually more reliable than 
new ones, no matter how close the new relationship 
may be. It takes time to infiltrate a penetration agent, 
or to develop an informer, and one who was a close 
friend or associate well before the immediate 
situation is much more likely to be reliable than 
another who just blew in. 

If you're an employer, keep in mind that the way 
you treat your people will have a lot to do with their 
loyalty. Being fair isn’t protection against the 
professional criminal, but if morale is high, employee 
loyalty will be high too, and you're likely to have fewer 
theft and labor problems. 


Sources 


1. At age 19, while working in a retail camera shop, 
the author was wrongly accused of stealing a camera 
by the owner, who forgot that he had sold the camera 
in question two days before. 
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